<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008C3jccSABOkta Classic EngineAdministrationAnswered2024-04-30T09:18:25.000Z2018-04-19T04:19:50.000Z2018-08-12T04:15:00.000Z

mxaza (mxaza) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Instance-level Delegated Authentication - some users AD auth-master and others okta auth-master
I want to configure okta such that one subset of users has okta as its authentication master while one or more other subsets will have Active Directory as their authentication master.

From a review of the documentation, it looks like I must enable 'Instance-level Delegated Authentication' to accomplish this. Put differently, it looks like if I were to enable the standard AD delegated authentication without first enabling 'Instance-level Delegated Authentication' that all of my okta users would have AD as their authentication master.

 

Assistance clarifying this would be very welcomed. Thanks
  • 2 answers
  • 848 views
t4g7y likes this.

  • cristian.mondiru1.4907966966227656E12 (Okta, Inc.)

    Hello Kurt,

     

       Thank you for reaching out to Okta Support!

      Currently, the settings are applicable on AD instance level, therefore that subset of user would have to be sourcing from a separate AD instance, that will not contain users for which AD would be the authentication master.          Depending on the size of the user subset, a manual disconnect from AD for these users and reset the passwords. This way, the users will be Okta mastered and have Okta as an authentication master.

      If you would like to further discuss regarding this integration based on the current configuration and requirements, please do not hesitate to open a support ticket with Okta.

     

     

     Thank you,

     Cristian Mondiru

     Technical Support Engineer
    Expand Post
    Selected as Best

  • cristian.mondiru1.4907966966227656E12 (Okta, Inc.)

    Hello Kurt,

     

       Thank you for reaching out to Okta Support!

      Currently, the settings are applicable on AD instance level, therefore that subset of user would have to be sourcing from a separate AD instance, that will not contain users for which AD would be the authentication master.          Depending on the size of the user subset, a manual disconnect from AD for these users and reset the passwords. This way, the users will be Okta mastered and have Okta as an authentication master.

      If you would like to further discuss regarding this integration based on the current configuration and requirements, please do not hesitate to open a support ticket with Okta.

     

     

     Thank you,

     Cristian Mondiru

     Technical Support Engineer
    Expand Post
    Selected as Best

  • j5v7c (j5v7c)

    Hello Kurt,

     

    Thanks for posting your inquiry in Okta Community Portal.

     

    If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

     

    Thank you,

     

    Dylann Fezeu

    Okta Help Center Team
    Expand Post
This question is closed.
Loading
Instance-level Delegated Authentication - some users AD auth-master and others okta auth-master