<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UgISAVOkta Classic EngineAdministrationAnswered2022-02-17T23:50:30.000Z2018-07-26T14:22:43.000Z2020-03-11T17:37:23.000Z

JeffreyB.47258 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
AD sync Groups or Users
Hi

I am working on cleaning up my AD to OKTA sync settings. I have inherited this issue from my predecessor. It looks like OKTA is set to sync with my AD using both group level and user level management. I have set up AD to work at the group sync level and not on the individual user level synchronizations. I might be a bit paranoid but my question is, can I deselect the user level selection and still have OKTA accept the group level user memberships? I have this feeling that even if the user is in the group OKTA still has to have access to the user AD sheet specifically. I have about a 1000 users that use OKTA on a daily basic and I do not want to drop them out of OKTA be deselecting the user OU from the sync path setting. Thanks for any information on this question. Jeff
  • 2 answers
  • 3.34K views

  • andrei.marcu1.5293353142357188E12 (Vendor Management)

    Hello,

     

    Thanks for reaching out to Okta Community Portal.

     

    If you will decide to use just group level sync to Okta only the groups themselfs(without the users within them)  will be synchronized with Okta.

    If the user level sync is unchecked you will no longer be able to sync any changes performed into AD to Okta and that might cause some issue in the future.

     

    Please feel free to contact us or open a case if you need further assistance

     

    Thank you,

     

    Andrei Marcu

    Technical Support Engineer

    Okta Global Customer Care
    Expand Post

  • DanielV.45438 (Customer)

    Thanks Andrei, we disabled user level sync before while troubleshooting the JIT issue. Can you confirm user level sync will not effect one's ability to do JIT?

This question is closed.
Loading
AD sync Groups or Users