<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UzKSAVOkta Classic EngineAdministrationAnswered2024-04-30T09:18:25.000Z2016-10-12T19:46:36.000Z2018-02-16T17:09:16.000Z

knm4i (knm4i) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Okta/AD Password Policies
I'm seeing some references to "Softlock" features that were implemented sometime last year for Active Directory integrations with Okta, with the ability to set a password policy for AD integrated users specifically, but I'm not seeing any of that in my admin console. 

 

I'd also like to know if users that are locked out in AD are also locked out in Okta when authentication is delegated to AD. It appears as though the user is only locked out in AD (which makes it so they can't auth to Okta) but I would like administrators to be able to unlock the account form Okta without giving every user in the org that ability.
  • 1 answer
  • 1.33K views

  • j5v7c (j5v7c)

    Hi Lucius

     

    The softlock capability is a process to lock the Okta account rather than the AD account when maybe a malicious external user tries repeatedly entering an invalid password during Okta login that could lock an end-user out of their Windows account and hardware device. So we lock the Okta account out at say three failed login attempts, but the AD policy would lock out after 5 for exmple. So it's a safety feature.

     

    For you second part of the question.If the user gets deactivated via AD then yes the Okta account upon next import will deactivate the Okta account.
    Expand Post
This question is closed.
Loading
Okta/AD Password Policies