<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Populate an Okta Group with Users from an Imported Active Directory Group
Oct 28, 2025
Okta Classic Engine
Directories
Okta Identity Engine
Overview

An admin may want to replicate the membership of an imported Active Directory group to an Okta-sourced group, possibly as a step in removing the AD instance from which the group is sourced.

Applies To
  • Active Directory (AD)
Solution
  1. Create an Okta group that will mirror the membership of the group already imported from Active Directory. The name of the Okta group does not need to match the AD group.
    1. Go to Directory > Groups and click Add group.
    2. Enter a group name and, optionally, a description.
    3. Both groups will now appear in Directory > Groups. NOTE: The Okta-sourced group will display an Okta icon and the description entered during creation, while the AD-sourced group will display a Windows icon and the description of the original AD group.
Okta Admin Groups - Okta and AD group displayed
  1. Create an Okta Group Rule to copy the group membership.
    1. Go to Directory > Groups and click the Rules tab.
    2. Click Add Rule.
    3. Enter a name for the rule.
    4. Ensure that the Use basic condition is highlighted and select Group membership in the IF field.
    5. Begin typing the name of the AD group in the box and select the AD group when it appears.
    6. In the THEN Assign to section, begin typing the name of the Okta group and select it when it appears.
    7. Click Save.
Configuration of an Okta Group Rule based on group membership
  1. Activate the newly created Okta Group Rule.
    1. Go to Directory > Groups and click the Rules tab.
    2. Find the rule that was just created and click Actions > Activate.
Activate Okta Group Rule
  1. In Directory > Groups, the membership of both groups should match. Open each group to confirm.
Okta Admin Groups - Okta and AD group displayed, membership count match
  1. Deactivate the Okta Group Rule. NOTE: It is critical that this rule is deactivated prior to the AD group being removed; otherwise, the rule will remove the members from the Okta-sourced group at that time.
    1. Go to Directory > Groups and click the Rules tab.
    2. Find the rule previously created and click Actions > Deactivate. Optionally, delete the rule.
Deactivate Okta Group Rule


NOTE: If the AD-sourced group has any application assignments that should be transferred to the Okta-sourced group, configure those application assignments on the Okta-sourced group prior to removal of the AD group to ensure there are no unwanted application unassignments.

When the AD group is removed, the membership of the Okta-sourced group will remain intact.

 

Recommended content

Still looking for help?
Loading
How to Populate an Okta Group with Users from an Imported Active Directory Group