<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Group Membership Not Pushed to Active Directory for Okta Staged Users
Apr 7, 2026
Okta Classic Engine
Okta Identity Engine
Directories
Overview

This article explains why group memberships are not pushed to Active Directory (AD) when a staged user is created in Okta. It clarifies the expected behavior regarding group membership synchronization for users who have not yet reached an active status.

Applies To
  • Active Directory (AD)
  • Group Push
  • Staged Users
  • Okta Classic Engine
  • Okta Identity Engine (OIE)
Cause

Okta only pushes group membership updates to AD for users who are active and have an active AD application assignment. Because staged users are not yet active, group memberships are not synchronized to the downstream directory.

Solution

To ensure group memberships are pushed to AD, the user must be activated within Okta. Once the user's status changes from Staged to Active and they have an active AD application assignment, group memberships will synchronize as expected.

For further details, refer to the documentation regarding Provisioning Staged Okta Users to Active Directory.

Recommended content

Still looking for help?
Loading
Group Membership Not Pushed to Active Directory for Okta Staged Users