DavidR.32530 (Customer) asked a question.
We have integrated Active Directory to import user into Okta and now we are planning to integrate O365 but only for authentication, provisioning from Okta to O365 is not planned to be implemented.
As part of this plan we validated if all the O365 immutableId's were loaded into Okta.
So first, we confirmed we had the immutableId on AD Onpremises, which was true. ImmutableId's are found at ms-ds-consistencyGUID in AD.
Next we validated at Okta if this value was loaded during imports and we found something strange. About 99% of the users created at Okta, that were imported from AD, have the immutableId at its externalId attribute. However 1% left, has another value that does not correspond with this value to the ms-ds-consistencyGUID on AD on premise corresponding account.
We have reviewed the profile mapping but externalId is not explicitely set to anything, so we are wondering what's the behavior by default for this integration? When Okta will pick ms-ds-consistencyGUID from AD and in which cases it will not?
Thanks in advance for any help or documentation that could someone provide us.
Hello
Thanks for posting.
To make sure that Okta will pick ms-ds-consistencyGUID from AD:
From the Okta Admin console:
https://support.okta.com/help/s/article/How-to-change-the-ImmutableID-to-ms-consistency-guid-anchor-for-office365?language=en_US
Regarding the mapping from Immutable ID to External ID please take a look at the following document with the default mappings between AD and Okta:
https://help.okta.com/en/prod/Content/Topics/Directory/Directory_AD_Field_Mappings.htm
Since some users (1%) are not showing the expected behavior, I suggest you to open a support case with our team using the information in the link below: https://help.okta.com/en/prod/Content/Topics/Directory/get-support.htm in order to review the specific scenario and find out why is this happening.
Let us know if this helps you.
Daniela Chavarria.
Okta Inc.
Thanks a lot for your reply Daniela, we will review the documentation you shared and open the case and let you know any additional findings.