Okta AD Group Membership Does Not Update During Import When Skip Users During Import Is Active
May 8, 2026
Directories
All Engines
Okta Classic Engine
Okta Identity Engine
Overview
AD group membership does not update during full or incremental imports when the Do not import users - Skip users during import setting is active under Provisioning > To Okta. Clearing this setting allows Okta to update user memberships during imports.
Applies To
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Directories
- Active Directory (AD)
- Groups
- Group Membership
Cause
This is expected behavior. Okta imports groups when the Skip users during import setting is active, but Okta does not update group memberships until a user import completes via Just-in-Time (JIT) provisioning or Real-Time Sync.
Solution
How is the Okta Active Directory group membership updated during import?
To update group membership during Active Directory import, navigate to the Active Directory provisioning settings and clear the Skip users during import option.
- Go to Provisioning > To Okta.
- Clear the Do not import users - Skip users during import checkbox to allow Okta to process user updates during Incremental or Full Imports.
