Populate an Okta Group With Users From an Active Directory Organizational Unit
Overview

Creating an Okta group and populating it with users from an Active Directory (AD) organizational unit (OU) requires mapping the user's distinguished name attribute and creating a group rule. This process allows administrators to automatically assign AD users to specific Okta groups based on their OU membership.


Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Groups
  • Group Rules
  • Active Directory (AD)
  • Organizational Unit (OU)
Solution

How is an Okta group populated with users from an Active Directory organizational unit?


Follow these steps to create an Okta group, configure a custom attribute, map the Active Directory distinguished name, and create a group rule to populate the users.


  1. Create an Okta group.
    1. In the Okta Admin Console, navigate to Directory > Groups.
    2. Select Add Group.
    3. Enter a name and an optional description for the group.
    4. Select Save.

  2. Create a custom Okta user attribute.
    1. Navigate to Directory > Profile Editor.
    2. Under Profile, select Okta > User (default).
    3. Select Add Attribute.
    4. Enter a name for the attribute. For example, enter adDN.
    5. Select Save.

  3. Map the distinguished name attribute from AD to the newly created Okta attribute.
    1. Navigate to the main Profile Editor page.
    2. Select the Active Directory profile.
    3. Select Mappings.
    4. On the AD to Okta User tab, locate the newly created Okta attribute in the right-hand column and enter appuser.dn in the corresponding mapping field.
      Review the following image for an example of the AD to Okta profile mappings for the custom attribute:
      Image - AD to Okta Profile Mappings - AD DN custom attribute
    5. Select Save Mappings, and then select Apply updates now.

  4. Copy the OU path from a user in the OU to populate the group.
    1. Navigate to the Okta profile of a user located in the target OU.
    2. Select the Profile tab.
    3. Locate the newly created Okta attribute to verify that the user's distinguished name populates correctly.
    4. Copy the OU path. For example, copy OU=Okta Users,DC=domain,DC=lcl. Do not include the CN=<first name> <last name> portion, as this restricts the rule to a single user.
    5. Store the OU path for later use.

  5. Create a group rule.
    1. Navigate to the Groups page and select the Rules tab.
    2. Select Add Rule.
    3. Enter a name for the rule.
    4. Under IF, select Use basic condition and configure the following settings:
      • First column: Select User attribute.
      • Second column: Select the newly created custom Okta attribute.
      • Third column: Select Contains.
      • Fourth column: Enter the previously copied OU path.
    5. Under THEN Assign to, search for and select the target group.
      Review the following image for an example of the group rule configuration used to populate the group based on the custom attribute:
      Image - Group Rule - Populate based on adDN
    6. Select Save.

  6. Activate the rule.
    1. On the Rules tab of the Groups page, locate the newly created rule, select Actions, and choose Activate Rule.
    2. Navigate to the Okta group and confirm the users appear as members.
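As an added example (not from the Okta article), the following Python models steps 4 and 5: it derives the OU path from a user's adDN value by dropping the leading CN component, then applies a substring "Contains" check over constructed sample users. It assumes Okta's Contains condition behaves as a plain case-sensitive substring match, and it shows that such a match also includes users in nested child OUs, which the direct-membership comparison beside it excludes.

```python
import re

# Constructed sample users with the adDN value that the step-3 mapping
# (appuser.dn) would populate. Not real directory data.
SAMPLE_USERS = {
    "jdoe":    "CN=John Doe,OU=Okta Users,DC=domain,DC=lcl",
    "asmith":  "CN=Smith\\, Ann,OU=Okta Users,DC=domain,DC=lcl",            # escaped comma in CN
    "bnguyen": "CN=Bao Nguyen,OU=Contractors,OU=Okta Users,DC=domain,DC=lcl",  # nested child OU
    "ckim":    "CN=Chris Kim,OU=Service Accounts,DC=domain,DC=lcl",          # outside target OU
}


def split_rdns(dn: str) -> list:
    """Split a DN into its RDN components on commas that are not
    backslash-escaped (RFC 4514 string form). Escaping is preserved."""
    return re.split(r"(?<!\\),", dn)


def ou_path(dn: str) -> str:
    """Return the value to paste into the group rule (step 4):
    the DN with its leading CN=... component removed."""
    rdns = split_rdns(dn)
    if rdns and rdns[0].upper().startswith("CN="):
        rdns = rdns[1:]
    return ",".join(rdns)


def rule_matches(ad_dn: str, ou_path_value: str) -> bool:
    """Model of the basic condition 'adDN Contains <OU path>' (step 5).
    Assumption: Contains is a plain substring test on the stored DN."""
    return ou_path_value in ad_dn


def evaluate_rule(users: dict, ou_path_value: str) -> list:
    """Users the Contains rule would assign to the group (sorted)."""
    return sorted(u for u, dn in users.items() if rule_matches(dn, ou_path_value))


def direct_members(users: dict, ou_path_value: str) -> list:
    """Stricter comparison: only users whose own OU path equals the target,
    so objects in nested child OUs are not included."""
    return sorted(u for u, dn in users.items() if ou_path(dn) == ou_path_value)


if __name__ == "__main__":
    target = ou_path(SAMPLE_USERS["jdoe"])          # "OU=Okta Users,DC=domain,DC=lcl"
    print("rule value   :", target)
    print("Contains     :", evaluate_rule(SAMPLE_USERS, target))   # includes bnguyen (child OU)
    print("direct only  :", direct_members(SAMPLE_USERS, target))
```

If the group should contain only objects located directly in the OU, check the resulting membership after activation for users from child OUs, since the Contains condition matches the parent OU path inside their longer DN.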
