Okta Classic Engine | Lifecycle Management | Answered | 2024-04-30T09:18:25.000Z | 2016-07-19T19:46:33.000Z | 2020-05-21T05:30:48.000Z
Add Okta user to Active Directory group
We have a requirement to implement a zero manual provisioning employee onboarding and offboarding process from HR to Okta to AD.

 

I have integrated our corporate Active Directory with Okta and imported all users and groups into Okta. Now users created from my HR application in Okta have to be added to the Active Directory groups which I imported earlier, so that users can be created in AD and assigned to the group. I looked into it and was not able to add users to AD groups, and also tried to create a rule with an Active Directory group. It seems we can only use Okta groups while creating the rules.

 

Can we add Okta users to an Active Directory group? If so, how?

 

Thanks


  • Hi Yamini,

     

    You can provision Okta users to AD. You'll need to enable the Create Users option in your AD settings, then:

     

    1. Create an Okta group used for provisioning

    2. Select that group and go to the Directories section

    3. Add your Active Directory, selecting the OU in your AD environment

     

    When you add a user to this group they will be provisioned in AD.
  • Thanks for the quick response. I am aware of this option to provision users to Active Directory by enabling Create Users in the AD settings and adding AD to an Okta group to provision users. Actually, I am trying to add the user to the Active Directory groups which are in Okta. I was not able to add them.

     

  • Are you trying to add them to AD groups that they are not provisioned to? If so, it sounds like you are looking to do Push Groups to AD. Groups you add to the Group Push section of the AD settings are pushed into AD, so member changes in Okta show up in AD. It's a feature some apps, such as Box, O365, etc., have. Take a look at this article on Push Groups and tell me if that is what you are trying to do with AD.

     

    https://support.okta.com/help/articles/Knowledge_Article/27086213-Using-Group-Push
  • 1c7tb (1c7tb)

    Hi, I am having the same issue. It looks like push groups are not supported to Active Directory because AD is not added as an "app" but instead as a directory.

    We can use AD as the source of truth and flow the groups into Okta but we cannot manage the members through Okta.

     

    Do you have a solution where we can manage AD group membership in Okta? Or at least flow an Okta group and members to AD?

     

    Thanks
  • KeithK.26551 (Customer)

    I'm also very interested in this. It would be super helpful to be able to add people to distribution lists and such via Okta attributes such as location.
  • j5v7c (j5v7c)

    I spent a good few hours trying to figure this out myself. It turns out that the "Group Push" feature to AD is an Early Access feature, which is why you don't see it in the directory settings, but they talk about it in the documentation. Contact support, and they can have it enabled. Hope it helps somebody else who is looking for it.
  • Ketan Solanki (Customer)

    Hi, has anyone else tried Group Push for AD? Does it enable Okta to manage group memberships in Active Directory? Like adding users to a DL in AD from Okta.
  • v2o4p (v2o4p)

    Hi, does anyone have a solution for this issue?

    Thank you

This question is closed.