Administrators can initiate Active Directory (AD) imports in Okta manually or schedule them to recur automatically. This guide details the methods and limitations for starting an AD import and how to distinguish between manual and scheduled imports using System Log queries.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Directories
- Active Directory (AD) Imports
How are manual Active Directory imports initiated?
Administrators must use the Okta Admin Console to manually start full or incremental Active Directory (AD) imports. Navigate to the Directory Integrations page in the Okta Admin Console to initiate a manual import.
- Go to Directory, and then select Directory Integrations.
- Select the [AD] instance, and navigate to the Import tab.
- Select Import Now.
How are scheduled Active Directory imports configured?
Okta allows administrators to schedule imports to recur automatically. Configure a scheduled import within the Okta Admin Console to automate the synchronization process.
- Go to Directory, and then select Directory Integrations.
- Select the [AD] instance.
- Navigate to the Provisioning tab.
- Under the Settings heading, select To Okta.
- In the General section, select Edit.
- Choose the import frequency from the Schedule import dropdown menu.
- Click Save.
How does Just-in-Time provisioning handle imports?
Just-in-Time (JIT) Provisioning, or Real-Time Sync, syncs individual user profiles during user login or when an administrator views the user profile page in the Okta Admin Console.
- See Configuring Real-Time Sync for Okta Active Directory Integrations for more information.
What are the limitations of initiating Active Directory imports?
Administrators cannot manually trigger AD imports using the Okta Application Programming Interface (API), PowerShell, or any method other than the Okta Admin Console.
- To submit a feature request for API import triggers, review How to Submit a Feature or Enhancement Request using Okta Ideas.
- See Scheduled Active Directory Incremental Import Converted into a Full Import for more information.
NOTE: Okta requires the previous import to complete before beginning a new import.
How are manual and scheduled imports distinguished in the System Log?
The Okta System Log (Reports > System Log) distinguishes manual imports from scheduled imports. Run the following query in the System Log to view all import start events.
eventType eq "system.import.start"After running the query, expand the event and check the ImportTrigger field for Manual action versus Scheduled to identify how the event was triggered. The ImportType field indicates whether the import performed was Incremental or Full.
Filter the System Log to display only manual imports by using the following query.
eventType eq "system.import.start" and debugContext.debugData.importTrigger eq "Manual action"
