6jt4m (6jt4m) asked a question.
How to sync users in an AD Group? Doesn't seem to work.
Hoping someone here might know the right check box to check or something that i'm missing.
I have an OU Checked to sync. Inside that OU i have a permissions group. Inside that permissions group I have a user.
When i manually sync, the user is not imported.
If i move that user out of the permissions group and just directly in the OU and sync, the user is imported.
But i'd really like to get that group to sync so i can use it as a gathering places for user accounts enabled for Okta rather than having to pick a bunch of OUs that i'm not ready to import all those users yet.
Is what i'm wanting to do, syncing users out of an AD group inside of an OU possible?
No, you must import both the group and the users that are members of that group. Importing a group object from AD does not automatically import all of the members of that group. The user objects (members of the group) must also be imported.
Seems reasonable but how do you tell Okta AD sync to sync the users inside of that group? I don't see an option that would lead me to check it to accomplish this.
You don't, at least not explicitly. Keep in mind that Okta's Universal Directory (UD) is separate from your Active Directory and both objects (users and groups) must be imported into UD.
When you import an AD group into UD, an AD-mastered Okta group is created. Similarly, when you import an AD user into UD, an AD-mastered Okta user account is created.
Okta groups can only contain accounts that exist in UD, so as soon as you import your AD user accounts into UD to create AD-mastered Okta accounts, they will be automatically added to the AD-mastered group(s) you imported previously.