How Does Okta Handle Active Directory Nested Groups
Sep 5, 2025
Okta Classic Engine
Okta Identity Engine
Lifecycle Management
Directories
Overview
This article describes how Okta handles Active Directory Nested Groups.
Applies To
- Active Directory Imported Groups
Solution
If an imported group contains other groups (nested groups), Okta imports all nested groups as well as the parent group and then adds the users to their respective groups and the parent group.
For example, if the Active Directory Sales group contains groups East Coast Sales and West Coast Sales:
- Okta will create the groups Sales, East Coast Sales, and West Coast Sales upon import.
- Members of the East Coast Sales and West Coast Sales groups will be members of their respective groups in Okta.
- These members will also be members of the Sales group in Okta.
The diagram below illustrates how nested groups translate when the users and groups are imported into Okta:
