Beginning with version 3.18.0, the Okta Active Directory (AD) Agent uses OAuth 2.0 and OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) to communicate securely with Okta. Agent registration during installation now uses the OAuth 2.0 device registration flow instead of an API token, so no API token has to be created or stored for the agent; this changes the agent installation workflow.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Okta Active Directory (AD) Agent
How is the Okta Active Directory Agent registered using OAuth 2.0?
Completing the OAuth 2.0 device registration flow requires the user to retrieve an activation code from the installer, authenticate with Okta through a web browser, and authorize the agent connection.
- Step through the AD Agent installer until it displays the registration page with the Okta Uniform Resource Identifier (URI) and the activation code.
- Select the link in the installer, or open the displayed URI in a browser on a separate machine. Okta prompts for the activation code shown by the installer; selecting the link directly from the installer may populate the code automatically.
- Sign in to Okta. NOTE: The authenticating user must hold permissions in the Okta organization to register new agents.
- Choose Allow Access at the agent registration prompt.
- Confirm that the browser page reports the agent registered successfully.
- Return to the AD Agent installer and confirm that the installation completes.
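The exchange behind the steps above, as an added example that is not Okta's or the AD Agent's own code: a self-contained Python simulation of a generic OAuth 2.0 device authorization grant (RFC 8628) showing both sides of the flow, the installer obtaining a code and polling, and the signed-in user approving it in the browser. The endpoint URL, code formats, lifetimes, the `agent.register` permission name and the two-user directory are constructed assumptions; the simulation does not model DPoP proof generation or Okta's actual wire format.

```python
"""Simulation of the OAuth 2.0 device authorization grant (RFC 8628) used for
agent registration. Added example, not Okta's code: endpoint URL, code formats,
lifetimes and the 'agent.register' permission are assumptions for illustration."""
import secrets
import string


class FakeClock:
    """Deterministic clock so polling back-off and expiry can be exercised offline."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class DeviceAuthServer:
    """Authorization-server side of the flow (hypothetical, simplified)."""
    def __init__(self, clock, interval=5, lifetime=600):
        self.clock, self.interval, self.lifetime = clock, interval, lifetime
        self._pending = {}  # device_code -> registration request record
        # Constructed directory: only alice may register agents.
        self.permissions = {"alice": {"agent.register"}, "bob": set()}

    def device_authorization(self, client_id):
        """Installer calls this first and displays user_code plus verification_uri."""
        device_code = secrets.token_urlsafe(32)
        alphabet = string.ascii_uppercase + string.digits
        user_code = "".join(secrets.choice(alphabet) for _ in range(8))
        self._pending[device_code] = {"client_id": client_id, "user_code": user_code,
                                      "expires": self.clock.now() + self.lifetime,
                                      "approved": None, "last_poll": None, "user": None}
        uri = "https://example.okta.invalid/activate"  # assumed, not a real endpoint
        return {"device_code": device_code, "user_code": user_code, "verification_uri": uri,
                "verification_uri_complete": f"{uri}?user_code={user_code}",
                "expires_in": self.lifetime, "interval": self.interval}

    def user_decision(self, user_code, username, allow):
        """Browser side: the signed-in user enters the code and chooses Allow Access (or not)."""
        code = user_code.strip().upper()
        rec = next((r for r in self._pending.values() if r["user_code"] == code), None)
        if rec is None:
            return {"error": "invalid_user_code"}
        if "agent.register" not in self.permissions.get(username, set()):
            rec["approved"] = False  # authenticated, but lacks the agent-registration permission
            return {"error": "access_denied"}
        rec["approved"], rec["user"] = bool(allow), username
        return {"status": "approved" if allow else "denied"}

    def token(self, device_code, client_id):
        """Installer polls here with its device_code until a decision exists."""
        rec = self._pending.get(device_code)
        if rec is None or rec["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self.clock.now()
        if now > rec["expires"]:
            del self._pending[device_code]
            return {"error": "expired_token"}
        if rec["last_poll"] is not None and now - rec["last_poll"] < self.interval:
            rec["last_poll"] = now
            return {"error": "slow_down"}  # client polled too fast and must back off
        rec["last_poll"] = now
        if rec["approved"] is None:
            return {"error": "authorization_pending"}
        del self._pending[device_code]  # a device code is single use either way
        if not rec["approved"]:
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "registered_by": rec["user"]}


def register_agent(server, clock, client_id, on_user_code):
    """Installer side: obtain the codes, hand the user code to the user, then poll
    with back-off until a token or a terminal error comes back."""
    auth = server.device_authorization(client_id)
    on_user_code(auth)  # real installer shows code and URI; a callback stands in for the user
    interval, polls = auth["interval"], 0
    while True:
        resp = server.token(auth["device_code"], client_id)
        polls += 1
        err = resp.get("error")
        if err == "slow_down":
            interval += 5  # RFC 8628 section 3.5: add 5 seconds to the polling interval
        elif err != "authorization_pending":
            resp["polls"] = polls
            return resp
        clock.advance(interval)


if __name__ == "__main__":
    clock = FakeClock()
    server = DeviceAuthServer(clock)
    # Constructed scenario: the installer shows the code, alice signs in and
    # chooses Allow Access, and the installer's next poll receives a token.
    result = register_agent(server, clock, "ad-agent-installer",
                            lambda auth: server.user_decision(auth["user_code"], "alice", True))
    print(result)
```

The permission check sits on the browser side, mirroring the NOTE above: a user who can sign in but is not allowed to register agents turns the pending request into an `access_denied`, which the installer sees on its next poll; the installer never handles a long-lived credential itself.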
