0D51Y00006PHi8fSAD | Okta Classic Engine | Administration | Answered | 2021-08-23T14:56:27.000Z | 2019-07-02T15:31:28.000Z | 2019-07-17T04:54:00.000Z

FredyS.06528 (Customer) asked a question.

Unable to login with Active Directory Alternate UPN Suffix with delegate authentication

Hi,

I am doing a POC for Okta right now.

We are trying to set up Okta with delegate authentication to Active Directory.

Currently, our UserPrincipalName is different from the main domain.

We use an alternate UPN suffix.

So my AD domain is ad.example.org, and our UPN suffix domain is example.org.

We set the Okta Username Format to UserPrincipalName.

Trying to log in with user@ad.example.org succeeds.

But when we try to log in with user@example.org, the authentication always fails.

From what I have seen in the Okta log, it says:

Authenticate user with AD agent

failure : Authentication failed: bad username or password

Even though we are sure the username and password are correct.

Did I miss something when configuring Okta?

For more information, our Active Directory is on Windows Server 2016.

Thank you.


  • alex.susu1.5222280451736545E12 (Vendor Management)

    Hi Fredy,

    From the looks of it, Okta is still seeing user@ad.example.org as the UPN.

    I recommend opening a support ticket so an engineer can have a look at your configuration and correct eventual setup errors.

    Alex

    Selected as Best
  • FredyS.06528 (Customer)

    Hi Alex,

    Thank you for your reply.

    You are right: comparing the Okta log, when I am logging in with our additional UPN, Okta doesn't forward the authentication to Active Directory.

    I am opening a support ticket now.

    Thank you so much,

    Fredy.

This question is closed.