Administrators can disconnect users individually or in bulk to manage authentication sources. Disconnecting a user from Active Directory (AD) using the Okta Admin Console requires selecting specific password reset options.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Active Directory (AD)
- User Management
How are users disconnected from Active Directory in Okta?
To disconnect users from Active Directory, navigate to the Okta Admin Console, locate the user or users, select the disconnect action, and choose the appropriate password reset options, as detailed in the video demonstration or the written instructions.
How is a single user disconnected from Active Directory?
Disconnect a single user from Active Directory by navigating to the user profile in the Okta Admin Console, selecting the disconnect action, and choosing the appropriate password reset option.
- In the Okta Admin Console, go to Directory, and then select People.
- Select the user to disconnect from AD.
- Select More Actions, and then choose Disconnect from AD.
- Select a password option on the confirmation screen.
  - Choose Reset password now to send a password reset email to the user. By default, the link in the email expires after one hour.
  - Choose Don't reset password if the password requires a later reset or if the user requires reconnection to another source for Delegated Authentication. The user cannot sign in until the password is set.
How are multiple users disconnected from Active Directory in bulk?
Disconnect multiple users from Active Directory simultaneously by selecting the desired users in the Okta Admin Console, executing the bulk disconnect action, and applying a password reset option.
- In the Okta Admin Console, go to Directory, and then select People.
- Select More Actions, and then choose Disconnect from AD.
- Select the users to disconnect, and then select Disconnect Selected.
- Select a password option on the confirmation screen.
  - Choose Reset password now to send a password reset email to the users. By default, the link in the email expires after one hour.
  - Choose Don't reset password if the password requires a later reset or if the users require reconnection to another source for Delegated Authentication. The users cannot sign in until the password is set.
NOTE: To switch users back to an AD-sourced state, re-import the users to link the Okta accounts to the AD accounts.
