
b38s2 (b38s2) asked a question.
I have been watching this video:
https://www.youtube.com/watch?v=o9gMGXK_nHM
and reading this white paper:
https://www.okta.com/resources/whitepaper/using-okta-for-hybrid-microsoft-aad-join/
We currently are running a local AD then have Okta Sync installed pushing everything to Office 365 / AAD.
We want to start to join our computers to AAD and run a hybrid setup but watching these videos and reading the white papers it seems they all mention AD Connect and not Okta AD Sync. Does this mean that we will have to remove Okta AD Sync and go back to AD Connect?
Right now the flow is New User in AD -> pushed to AAD using okta ad sync to add user -> new user signs in to office 365 and it authenticates against okta which flows down through the connector to verify the user on local AD.
If we remove Okta AD Sync and put in AD Connect, then would the flow be: add new user -> AD Connect pushes new user to AAD/Office 365 -> new user is added to Okta from AAD?? -> new user signs in to Office 365 or an AAD-joined computer and then authenticates against "Okta only", because the Okta connector has been removed from AD and it can only authenticate locally to Okta?
Am I way off or missing something? Is there a simple white paper or "how to" on transitioning to hybrid-joined workstations in AAD, and what we need to do to replace Okta AD Sync with AD Connect but keep Okta as the authoritative source?
Thanks!!

Hi JC,
Your understanding regarding the flow is correct; you can also refer to https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains for the setup.
Okta doesn't have official step-by-step documentation regarding the configuration, but you may reach out to Microsoft regarding any questions you may have about the article I mentioned above.
You also may open a case with us to schedule a call and go over the details or talk to our Sales Team regarding your implementation or even discuss a potential customized solution.
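An added check, not part of the original question or Okta's reply: once a workstation has been hybrid joined against a federated domain, the quickest way to confirm the result is to read `dsregcmd /status` on the machine. The script below parses that output and reports whether the device is domain joined, Azure AD joined (both together make it hybrid joined) and whether the signed-in user holds a Primary Refresh Token. It is example code written for this page, not Microsoft's or Okta's; it assumes the standard `Name : Value` rows dsregcmd prints (`DomainJoined`, `AzureAdJoined`, `AzureAdPrt`, `TenantName`, `DeviceId`) and, when dsregcmd is not available, falls back to a constructed sample so the parser can be exercised offline.

```powershell
# Added example (not from the original thread): verify hybrid Azure AD join state
# by parsing "dsregcmd /status". Assumes the field names dsregcmd prints today;
# the sample output at the bottom is constructed for offline testing.

function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints rows as "    Name : Value"; box-drawing headers and
        # multi-word labels (e.g. "Executing Account Name") are skipped.
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-HybridJoin {
    param([Parameter(Mandatory)][hashtable]$State)
    $result = [ordered]@{
        DomainJoined  = ($State['DomainJoined']  -eq 'YES')
        AzureAdJoined = ($State['AzureAdJoined'] -eq 'YES')
        HasPrt        = ($State['AzureAdPrt']    -eq 'YES')
        TenantName    = $State['TenantName']
        DeviceId      = $State['DeviceId']
    }
    # Hybrid join = joined to on-premises AD AND registered in Azure AD.
    $result['HybridJoined'] = $result['DomainJoined'] -and $result['AzureAdJoined']
    return [pscustomobject]$result
}

# Constructed sample (abbreviated dsregcmd layout) used when dsregcmd is absent.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
               Device Name : ws01.contoso.local

+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+

                  DeviceId : 11111111-2222-3333-4444-555555555555
                TenantName : Contoso
                  TenantId : 66666666-7777-8888-9999-000000000000

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : NO
'@

if ($env:OS -eq 'Windows_NT' -and (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue)) {
    $lines = & dsregcmd.exe /status
} else {
    $lines = $sample -split "`r?`n"
}

$check = Test-HybridJoin -State (ConvertFrom-DsregStatus -Lines $lines)
$check | Format-List

if (-not $check.HybridJoined) {
    Write-Warning 'Device is not hybrid Azure AD joined (needs DomainJoined=YES and AzureAdJoined=YES).'
}
elseif (-not $check.HasPrt) {
    # On a federated domain the PRT is issued only after the user completes a
    # sign-in through the federation provider; NO here usually means that
    # federated sign-in did not complete for this session.
    Write-Warning 'Hybrid joined, but the signed-in user has no Primary Refresh Token (AzureAdPrt=NO).'
}
```

Run it as the ordinary signed-in user rather than an elevated prompt, since the PRT reported in the SSO State section belongs to the user whose session executes the command. With the constructed sample the script reports HybridJoined=True and warns about the missing PRT, which is the state you would expect to see on a freshly joined machine before the first federated sign-in.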