Updates to static values mapped to the Active Directory (AD) profile fail to push downstream. This occurs because assigning a static string value to a user requires a subsequent update to the appuser profile to trigger synchronization to Active Directory. Resolve this issue by manually running a Force Sync in the Okta Admin Console to push the updated attributes to Active Directory.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Active Directory (AD)
• Universal Directory
• Force Sync

Assigning a static string value mapped to the Active Directory profile requires a subsequent update to the application user (AppUser) profile to trigger automatic synchronization to Active Directory.

How are static Active Directory attributes synchronized from Okta?

Navigate to the Active Directory provisioning settings in the Okta Admin Console, then run a Force Sync to push the updated attributes to the downstream application.

1. In the Okta Admin Console, navigate to Directory, and then select Directory Integrations.
2. Select the Active Directory instance.
3. Select the Provisioning tab.
4. Scroll to the To Okta or To App section, depending on the required synchronization direction, and locate the Force Sync button above the list of mapped attributes.
5. Select Force Sync. A brief message appears confirming the start of the process.
6. Allow the synchronization to complete. The duration depends on the number of assigned users.

Related References

• The Okta User Profile And Application User Profile
• How To Use The Force Sync Option
• Updates to the Active Directory Manager Attribute Are Not Syncing to Okta