Okta Classic Engine | Universal Directory | Answered | 2025-10-09T20:48:44.000Z | 2020-10-21T22:50:03.000Z | 2021-03-24T11:27:28.000Z

JoeO.59517 (Customer) asked a question.

Can I sync AD group membership into Okta without JIT and Delegated admin enabled

Just starting to roll out Okta to the company. I need Okta to master the users' passwords as our users have no way to update their current AD account. I am currently pushing the Okta password to AD but needed to disable delegated admin for this. The groups are currently imported but the user membership is not updating as I onboard more people into Okta. Is this possible or can I now only use push groups from Okta to update AD groups?


  • rohern (Okta)

    Hi Joe,

    Making an assumption that your Okta users are mastered by AD, and you are using Okta to push the Okta pw down to AD.

    Scheduled imports from Active Directory -> Okta should keep your AD groups updated within Okta. Disabling Delegated Auth should not affect groups imports.

     

    If they are not updating in Okta, you might want to confirm, under the AD integration tab, that you have the correct OUs selected to import groups and that you are running imports.

     

    Here is a good starting point for AD integration with Okta if you haven't seen it yet.

    https://help.okta.com/en/prod/Content/Topics/Directory/ad-agent-manage-users-groups.htm

     

  • jdl2f (jdl2f)

    Hi,

     

    I am having the same issue with groups not updating membership. Delegated Authentication is turned on in my case. JIT and USG are off.

     

    The correct OUs are selected for both users and groups. I see the new groups, but their membership shows 0 people. I run the import and it shows no group updates.

     

    Any ideas?

     

    Thank you

This question is closed.