0D50Z00008G7VEkSAN | Okta Classic Engine | Administration | Answered | 2024-04-19T07:26:56.000Z | 2017-01-20T09:46:45.000Z | 2018-08-12T04:16:16.000Z
Is there a way to find all disconnected accounts from the AD through the report logs?
Hello,

We are using AD to manage our users on Okta, but our User Admins can disconnect them from the AD. So I would like a filter that can sort cloud-only users (disconnected or deactivated) through the report logs.

Thank you for your help!


  • Thank you Gabriel for your help, I found the answer.

    With the "Password Health" report, it is possible to see where passwords are managed (whether by Okta or AD) and the account status (Active or Not).

    As User Admins have rights to disconnect users from AD, this is useful to detect Cloud Only Users who are not compliant with our security policies.
    Selected as Best
  • Hi Clement,

    I disconnected a user from AD. When I looked in the New System Log (Sys Log 2), I see an event with these 3 fields:

    eventType eq "application.user_membership.remove"

    displayMessage eq "Remove users application membership"

    target.displayName eq "Active Directory"

     

    In the Old System Log, I see:

    Message: User deprovisioned from app

    App: active_directory 

    Categories: Application Assignment

     

    Keep in mind that "AD" is considered to be an "app".
  • Hello,

     

    Thank you for your answer!

    We do have the new System Log v2, but what we would like is to detect the cloud-only users as we currently have no visibility on them.

    The issue with your filter is that users deleted from the AD (because they left the company) are also seen as "removed from the Active Directory" and are no longer in Okta.

     

    Is there any filter for it?

     

    Thank you again!
This question is closed.
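
An added example, not part of the original thread or Okta's own code: it combines the System Log fields quoted above with the status and password-source columns of a Password Health export, so that users deleted from AD because they left are not reported as disconnected. The event layout (a `target` list with `type`, `alternateId` and `displayName`, plus `actor` and `published`) and the report column names `login`, `status` and `password_source` are assumptions, and all sample data is constructed.

```python
AD_REMOVAL_EVENT = "application.user_membership.remove"
AD_APP_NAME = "Active Directory"

def removed_from_ad(events):
    """Map login -> (published, actor) of the latest event that matches the
    eventType and target.displayName values quoted in the thread."""
    latest = {}
    for ev in events:
        targets = ev.get("target") or []
        if ev.get("eventType") != AD_REMOVAL_EVENT:
            continue
        if not any(t.get("displayName") == AD_APP_NAME for t in targets):
            continue  # membership removed from some other app
        actor = (ev.get("actor") or {}).get("alternateId", "unknown")
        for t in targets:
            if t.get("type") == "User" and t.get("alternateId"):
                login = t["alternateId"].lower()
                entry = (ev.get("published", ""), actor)
                latest[login] = max(latest.get(login, entry), entry)
    return latest

def disconnected_cloud_only(events, report_rows):
    """Keep removals whose account is still active with an Okta-managed
    password; leavers deleted from AD no longer appear in report_rows."""
    latest = removed_from_ad(events)
    hits = []
    for row in report_rows:
        login = row["login"].lower()
        if login in latest and row["status"] == "Active" and row["password_source"] == "Okta":
            hits.append((login,) + latest[login])
    return sorted(hits)

def _event(event_type, login, app, published, actor):  # builds constructed sample events
    return {"eventType": event_type, "published": published,
            "actor": {"alternateId": actor},
            "target": [{"type": "User", "alternateId": login},
                       {"type": "AppInstance", "displayName": app}]}

# Constructed sample data (not real log output).
SAMPLE_EVENTS = [
    _event(AD_REMOVAL_EVENT, "alice@example.com", AD_APP_NAME, "2017-01-10T09:00:00.000Z", "useradmin@example.com"),
    _event(AD_REMOVAL_EVENT, "bob@example.com", AD_APP_NAME, "2017-01-11T09:00:00.000Z", "ad-agent@example.com"),
    _event(AD_REMOVAL_EVENT, "dave@example.com", "Example App", "2017-01-12T09:00:00.000Z", "useradmin@example.com"),
]
SAMPLE_REPORT = [  # hypothetical column names; bob left the company, so he has no row
    {"login": "alice@example.com", "status": "Active", "password_source": "Okta"},
    {"login": "dave@example.com", "status": "Active", "password_source": "Okta"},
    {"login": "erin@example.com", "status": "Active", "password_source": "AD"},
]

if __name__ == "__main__":
    for login, when, actor in disconnected_cloud_only(SAMPLE_EVENTS, SAMPLE_REPORT):
        print(f"{login} disconnected from AD at {when} by {actor}")
```

The output also carries the actor of each removal, which separates disconnections made by a User Admin from removals that came from AD itself.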