<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

Okta Agent Registration Application is Assigned to Admins

Last Updated:

Okta Classic Engine
Directories
Okta Identity Engine

Overview

The assignment of the Okta Agent Registration application to administrators is expected behavior resulting from the Active Directory (AD) Agent transition to OAuth 2.0. Okta automatically assigns this hidden application to administrators with agent registration permissions to support secure communication. The System Log displays events indicating that Okta assigns the Okta Agent Registration application to administrators in the organization, but no application with this name appears in the Applications list.

Execute the following System Log query to view events related to the application:

 

target.displayName eq "Okta Agent Registration"

 

Applies To

  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Active Directory (AD) Agent
  • Okta Agent Registration Application

Cause

Beginning with version 3.18.0, the AD Agent uses OAuth 2.0 for authorization and OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) to securely communicate with Okta. Okta registers agents through the OAuth 2.0 device authorization flow, and the agents operate independently of the account used to register them. As part of this change, Okta creates a new application to register agents that support OAuth 2.0. Because access to register agents relies on administrator roles, Okta hides the application from the organization's application list.

Solution

Why does Okta assign the Okta Agent Registration application to administrators?

This is expected behavior to support the improved agent connection and communication methods beginning with version 3.18.0 of the AD Agent. As Okta implements this change within the organization, Okta individually assigns all administrators with permission to register agents (Super Administrators by default and any existing custom role with this permission granted) to the new Okta Agent Registration application. Okta then assigns the application to the administrator groups that have that permission. Going forward, Okta assigns new administrators in roles with the necessary permissions to the application during the administrator role assignment process.

 

Related References

Recommended content

Still looking for help?
Loading
Okta Support - Okta Agent Registration Application is Assigned to Admins