When importing an Active Directory (AD) group that contains other groups, Okta imports all nested groups alongside the parent group. Okta then adds the members to their respective nested groups and the parent group.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• AD Imported Groups

How does Okta handle AD nested groups during an import?

If an imported group contains other groups, Okta imports all nested groups and the parent group. Okta then adds the users to their respective groups and the parent group.

For example, if the Active Directory Sales group contains groups East Coast Sales and West Coast Sales:

• Okta creates the Sales, East Coast Sales, and West Coast Sales groups upon import.
• Members of the East Coast Sales and West Coast Sales groups are added to their respective groups in Okta.
• These members also become members of the Sales group in Okta.

The following diagram illustrates how Okta translates nested groups and assigns users to both the parent and nested groups when importing users and groups from AD.