JessicaW.72146 (Customer) asked a question.
Import AD User for authentication only, no user modification
We have several administrative users in AD that would like to be able to authenticate to Okta for other administrative functions. However, these are not users we want Okta (or anyone besides DAs) updating, so therefore we have inheritance disabled. Whenever I update AD mappings, it then spawns a task for each of these users stating that it does not have access rights to them. These mapping updates shouldn't even touch these users either - but still the tasks are there.
So, is there any way to have users from another directory in Okta, but not have updates pushed to the source directory for them?
Hello.
Sadly, you cannot add modifications to specific users. As the update user attributes changes are applied to Org level.
We have the following documentation that provides more details on this:
https://help.okta.com/en/prod/Content/Topics/Directory/ad-agent-configure-provisioning.htm
Although we do not have the option in place, you can suggest this on the Okta Community by using the 'Submit an Idea' option from the Help &Support section, reachable from the upper right-hand corner of the Admin console.
Features suggested in our community are reviewed and can be voted and commented on by other members of the community, therefore making it much easier for the engineering team to understand the priorities that you have for feature requests. From there, the PM team will review the top 30 most voted upon ideas each month and provide feedback/roadmap status on these via the forum.
Thank you,
Andrei