EricS.64630 (Customer) asked a question.
We've been having issues lately with del_auth_timeout errors and upon further investigation we've found that it's due to the domain controller taking more than 18 seconds to respond. I was told by Okta support that authentication requests are handled by whichever agent server is available and that the agent server also will talk to whichever DC is available to process the authentication request. This can be problematic for companies with sites in different continents. For example, we had a user in the US whose auth request was handled by an EU based AD agent server, who was then talking to a DC back in the US. This request ended up taking about 2 minutes and ultimately failing. I believe the way the
My request is to make the AD agent servers (or the delegated authentication process) geo aware, so that any requests are handled by the closest AD agent server to the user. On that same note, AD agent servers should try to contact the closest DC (based on AD site), which hopefully would reduce the number of timeouts we see.
Hello @EricS.64630 (Customer) Thank you for reacting out to our Community!
For a Feature Request we recommend to post it on our Idea section, as that is the place where all Feature Requests/Ideas are posted and reviewed by our engineering team.
https://support.okta.com/help/s/ideas?language=en_US
Hope this helps and if this answered your question, please mark this as Best Answer!