User16213447536707472636 (Customer) asked a question.
In our environment, we have an issue where users are often getting disabled in AD prematurely or unintentionally, and until we solve this problem (unrelated to Okta), we are frequently putting out fires of user accounts being enabled in AD but not being enabled in Okta. Our service desk sees that the user is enabled in AD, but still can't login to Okta, so we are tasked with enabling their account in Okta manually (running the manual AD Import under Directory Integrations).
Of course, we don't want to be running manual imports when we need to. Our import schedule is currently set to every 2 hours. We may change it to every hour, but besides that, is there any other setting in Okta that governs when Okta will pick up AD user account status changes (in this case the enabled/disabled field) and enable that user in Okta?
Our goal is to understand any possible ways that Okta will see that an AD user has switched from disabled to enabled, and then subsequently automatically enable them in Okta - again, other than the normal AD import which we are already aware of.
Thanks.
Sounds like you dont have reenable and matching rules working
on the integration make sure reenable is set n rule actually matches your users and they will reenable
check Facebook and join okta help tips and tricks its a growing community
We also have "Okta username format matches" selected under Directory Integrations > AD > Provisioning > Settings, To Okta > User Creation & Matching.
Is there another setting we might be missing?
Nate Major
Security Analyst
PH: 740-404-9948
nathaniel.major@marzetti.com<mailto:nathaniel.major@marzetti.com>
Make sure these settings are also enabled.
Both of those settings are also enabled.
Nate Major
Security Analyst
PH: 740-404-9948
nathaniel.major@marzetti.com<mailto:nathaniel.major@marzetti.com>