0D50Z00008G7UmVSAV | Okta Classic Engine | Lifecycle Management | Answered | 2024-04-17T12:52:47.000Z | 2017-03-03T21:31:04.000Z | 2018-03-12T22:05:32.000Z
Deactivate user in Active Directory pushed to Okta without waiting for directory import
Hi,

Currently, we deactivate a user in Active Directory; to ensure it gets pushed to Okta and assigned applications, we run a manual import if we can't wait for the import, which is set at every hour.

Does the AD password sync agent (which we don't use currently) also process deactivations on action in AD and not rely on the import?

Or any other way we can accomplish this to disable access immediately without dependency on the Okta directory import?

Thanks

  • Hi Karl

    If you have JIT enabled for AD

    https://help.okta.com/en/prod/Content/Topics/Directory/Okta%20Active%20Directory%20Agent.htm

    and a previously-enabled (now disabled) AD user tries to log in, they won't be able to, and their Okta account will also be deactivated. Or, an Okta admin can find them in the Okta Admin console under Directory > People, click on their link, and it will do a real-time/JIT sync to AD and disable the user.
  • xlpau (xlpau)

    Thank you for the reply. We may have to do it from Okta and let it sync to AD from there.

    If disabling someone in Active Directory there is no action in Okta or assigned apps until the user tries to log in, this leaves assigned applications active and accessible. Some applications are accessed directly and not through Okta and need to be deactivated at the time of deactivation in AD.
This question is closed.