Okta Classic Engine | Authentication | Answered | 2024-04-02T16:23:39.000Z | 2023-02-07T17:59:28.000Z | 2023-02-09T01:31:21.000Z

ScottC.38230 (Customer) asked a question.

Password Sync Question (AD to Okta, Okta to Google)

We've recently moved from the old/free Okta Connect to a "real" Okta account with Identity Engine and I had what hopefully isn't a terribly stupid question.

 

Right now, we use AD as our source of truth for usernames/passwords and email addresses.

 

If possible, I would like to engage the password sync functionality to accomplish the following:

1> Sync AD passwords to Okta so they are available if agents are not.

2> Sync the password (now in Okta) to Google, for the same reason (allowing login if Okta unavailable)

3> Allow users to change password in Okta, sync the change to both Google and AD

 

Right now I don't need to create users but just sync the passwords. The configuration for both AD and Google in the admin interface says something along the lines of "Creates a [integration] password for each assigned user and pushes it to [integration]".

 

The AD Password Sync utility seems to indicate that it will sync the password to Okta and then to any apps, but before I break anything I think I wanted some assurance that if I run AD Password Sync on my AD server that the existing AD passwords will be assigned to Okta users and pushed to Google rather than Okta pushing a password it creates on its own?

 

Apologies if this isn't a clear question, I'm still coming up to speed on Identity Engine stuff.

 

Thanks

 


  • JaniK.29243 (Customer)

    Hi @ScottC.38230 (Customer)​,

     

    I wouldn't call this a stupid question, but it is a fairly broad question. 🙂

     

    I don't know all these moving parts, but here are a few notes:

     

    1. If by "Sync AD passwords to Okta so they are available if agents are not" you mean "Sync AD passwords to Okta so they are available if AD Password Sync agents are not", I don't think there's anything, at least on the Okta side, you could utilize to accomplish the password push. The biggest problem to me is: what process would detect and push these passwords to Okta?
    2. In general, in your post I would perhaps add related documentation link(s) you've looked at, which should help us to help you. E.g. have you looked at this page and understood the "Before you begin" section along with the other required settings? Just to note, you'll need to install this agent on all of your AD domains (something which takes a long (?) time if you have tens or hundreds of domains).

     

    -Jani

  • ScottC.38230 (Customer)

    Thank you Jani

     

    Upon re-reading everything it seems the goal of setting the password on, for example, Google will work, but there doesn't seem to be a way to set the Okta user password so that Okta logins work with the AD server unavailable.

     

    It's not a deal breaker but would be a nice thing to have.

     

    Thank you again for your reply.

    -Scott

This question is closed.