Real-Time Sync (RTS), or Just-In-Time (JIT) provisioning, updates Okta Active Directory (AD) user profiles and group memberships during sign-in. To ensure Okta maintains the most current data without waiting for scheduled imports, administrators can enable the JIT provisioning feature within the Okta Admin Console.
- Okta Classic Engine
- Okta Identity Engine (OIE)
- Directories
- Active Directory (AD)
- Real-Time Sync (RTS)
- Just-In-Time (JIT) Provisioning
How is Real-Time Sync configured for Okta Active Directory integrations?
Real-Time Sync (RTS) updates user profiles, groups, and group memberships during sign-in instead of waiting for a scheduled import. Watch the video or follow the steps below for details on configuring RTS.
Okta requires the following conditions to trigger the synchronization process:
-
The user must enter the full Okta username and AD password for Okta to perform Delegated Authentication and JIT provisioning.
-
The user must authenticate on the Okta org integrated with the AD domain. Okta does not perform JIT authentication if the user signs in to a different org.
-
Okta also updates user information whenever an administrator loads or refreshes a user profile on the People page. This action imports updated attributes, user statuses, and any AD group membership changes made since the last synchronization.
Administrators must perform the following steps to configure the RTS feature:
-
Navigate to Directory > Directory Integrations > Active Directory.
-
Select Provisioning > To Okta.
-
Select the JIT provisioning option.
NOTE: RTS requires version 3.0.9 or later of the Okta AD Agent.
