jeyn8 (jeyn8) asked a question.
Active Directory Credentials Cached in Okta
I am working on an engagement with a client that is separating from their parent company. They plan to use Okta in their new independent architecture but are concerned about Okta's ability to cache Active Directory credentials. Would someone be able to point me to some information that talks about how Okta caches or stores Active Directory credentials? Is it possible to have Okta still prompt users for credentials every time they try to authenticate to a resource?
Thanks in advance!
Hi Kevin Paiva,
For your case use Delegated authentication. When delegated authentication to AD is enabled, directory passwords are not synchronized to Okta because delegated authentication performs the authentication and there is no Okta password. With delegated authentication users use their directory password to sign on to Okta.
Thank you for your answer. With delegated authentication, does Okta cache credentials entered by users to login to Okta to then pass to applications or will users need to enter credentials again for applications available within Okta? My concern is if Okta stores to caches credentials at any time during the transaction process between a user and an application.
Delegated authentication never cache your password.Occasionally password need to be sync from AD through Okta to App if your application depending on AD password, but normal scenarios like SAML/OIDC/SWA application integration not required to sync the password.
The answer is "No"I f there are no applications using password sync from AD through okta and obviously not configured with password sync agent.
Please find more details : https://help.okta.com/en/prod/Content/Topics/Directory/Installing_Configuring_Active_Directory_Password_Sync_Agent.htm