Okta Active Directory Agent Changes Using OAuth 2.0
Overview

Okta Active Directory (AD) Agent version 3.18.0 and higher uses OAuth 2.0 for registration and for its ongoing communication with Okta, rather than an Application Programming Interface (API) token tied to the administrator account that registered it. This change improves security and introduces several operational changes for Okta administrators, including independent agent operation and modified System Log reporting.


Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Okta Active Directory (AD) Agent version 3.18.0 and higher
  • OAuth 2.0
  • Application Programming Interface (API)
Solution

What are the operational changes for Okta Active Directory Agent version 3.18.0 and higher?


The transition to OAuth 2.0 introduces the following operational changes for the Okta AD Agent:

  • Agents operate independently of the accounts used to register them. The agent continues to function even when the administrator account that installed it is deactivated or the administrator role is removed from that account.
  • Actions performed by agents running version 3.18.0 and higher no longer report the registering administrator as the Actor in the System Log. The System Log displays the Actor as Active Directory Agent (AD_AGENT). Any System Log searches, reports or alerts that attribute agent activity to the registering administrator's account need to be updated to match the new Actor.
  • Okta no longer generates API tokens for the AD Agents. The list of issued tokens (Security > API > Tokens) does not display an entry for these agents.
    NOTE: When upgrading an AD Agent that already has an API token issued, the existing token may remain in the list until it expires. Okta removes it automatically, typically after 30 days without use.
  • An application called Okta Agent Registration has been created in each organization to facilitate the OAuth device authorization flow.
  • The final step of the AD Agent installation, which registers the AD Agent in the Okta organization, has been updated to reflect this change.
  • During installation, the account used to sign in and complete the registration step must be permitted by the "Catch-all Rule" of the Default sign-in policy; if that rule denies the account, the registration step cannot complete.
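The device authorization flow that the Okta Agent Registration application facilitates is the OAuth 2.0 Device Authorization Grant standardized in RFC 8628. The following Python is an added example, not Okta's or the AD Agent's code: a toy authorization server and a polling client that walk through the exchange (issuing a secret device_code and a short user_code, the standard authorization_pending / slow_down / access_denied / expired_token responses, and single-use redemption), with a pluggable policy callback standing in for the sign-in policy check that the approving account must pass. The client ID, verification URI, account names and clock values are constructed; the token response shape follows the RFC, not Okta's actual response.

```python
"""Toy RFC 8628 device authorization grant (added example; not Okta's implementation).
Endpoint names, client IDs and the policy hook are constructed for illustration."""
import secrets
import string
import time
from dataclasses import dataclass
from typing import Optional

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628 section 3.4


@dataclass
class PendingAuth:
    client_id: str
    user_code: str
    expires_at: float
    last_poll: float = 0.0
    approved_by: Optional[str] = None
    denied: bool = False
    redeemed: bool = False


class AuthorizationServer:
    """Issues device/user code pairs and releases a token only after a human approves."""

    def __init__(self, allowed_clients, policy, clock=time.time, interval=5, lifetime=600):
        self.allowed_clients = set(allowed_clients)
        self.policy = policy        # callable(username) -> bool; stands in for the sign-in policy check
        self.clock = clock          # injectable so the flow can be driven deterministically
        self.interval, self.lifetime = interval, lifetime
        self.pending = {}           # device_code -> PendingAuth
        self.by_user_code = {}      # user_code -> device_code

    def device_authorization(self, client_id):
        """Section 3.1/3.2: the device asks for a device_code (secret) and a user_code (typed by a human)."""
        if client_id not in self.allowed_clients:
            return {"error": "invalid_client"}
        device_code = secrets.token_urlsafe(32)
        user_code = "".join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(8))
        self.pending[device_code] = PendingAuth(client_id, user_code, self.clock() + self.lifetime)
        self.by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://example.invalid/activate",  # constructed URI
                "expires_in": self.lifetime, "interval": self.interval}

    def approve(self, user_code, username):
        """Browser side: a signed-in human enters the user_code; their account must pass the policy."""
        device_code = self.by_user_code.get(user_code)
        if device_code is None:
            return "unknown_code"
        auth = self.pending[device_code]
        if not self.policy(username):
            auth.denied = True          # the device will see access_denied on its next poll
            return "policy_denied"
        auth.approved_by = username
        return "approved"

    def token(self, client_id, grant_type, device_code):
        """Section 3.4/3.5: the device polls; standard error codes are returned until approval."""
        if grant_type != GRANT_TYPE:
            return {"error": "unsupported_grant_type"}
        auth = self.pending.get(device_code)
        if auth is None or auth.client_id != client_id or auth.redeemed:
            return {"error": "invalid_grant"}   # unknown, foreign or already-redeemed code
        now = self.clock()
        if now > auth.expires_at:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if now - auth.last_poll < self.interval:
            auth.last_poll = now
            return {"error": "slow_down"}       # client must back off (RFC: add 5 seconds)
        auth.last_poll = now
        if auth.denied:
            return {"error": "access_denied"}
        if auth.approved_by is None:
            return {"error": "authorization_pending"}
        auth.redeemed = True                    # a device_code is single use
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 3600, "client_id": client_id, "approved_by": auth.approved_by}


class FakeClock:
    """Deterministic clock so the polling loop can be exercised without sleeping."""
    def __init__(self, start=1_700_000_000.0):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


def run_registration(approver, approver_passes_policy, approve_after_polls=2, max_polls=10):
    """Drive one agent registration end to end; returns (final response, error codes seen while polling)."""
    clock = FakeClock()
    server = AuthorizationServer({"agent-registration"}, lambda user: approver_passes_policy, clock=clock)
    dev = server.device_authorization("agent-registration")
    interval, errors = dev["interval"], []
    for poll in range(max_polls):
        if poll == approve_after_polls:
            server.approve(dev["user_code"], approver)   # the human finishes sign-in in the browser
        clock.advance(interval)
        resp = server.token("agent-registration", GRANT_TYPE, dev["device_code"])
        if "access_token" in resp:
            return resp, errors
        errors.append(resp["error"])
        if resp["error"] == "slow_down":
            interval += 5
        elif resp["error"] != "authorization_pending":
            return resp, errors                          # terminal error: stop polling
    return {"error": "gave_up"}, errors


if __name__ == "__main__":
    print(run_registration("svc-okta-agent", approver_passes_policy=True))
    print(run_registration("svc-okta-agent", approver_passes_policy=False))
```

Two properties of the grant matter for the operational changes listed above. The approving account only gates registration: once the device_code is redeemed, the client authenticates with the credential it received, not with the approver's session, which is why the agent can keep working after that account is deactivated. And if the approver is denied by the policy callback (the analogue of failing the Catch-all Rule), the agent never receives a token and registration stops at that step.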

