<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009v2JKECA2Okta Classic EngineIntegrationsAnswered2023-12-21T19:17:26.000Z2023-12-20T20:15:45.000Z2023-12-21T19:17:26.000Z

GavinP.36500 (Customer) asked a question.

December 20, 2023 at 8:15 PM
Question about Universal Sync in a Hybrid Enviroment

Hello, we currently utilize a directory integration with on-prem AD, but would like to use Azure AD as our source instead as we are in the process of moving users over from hybrid joined laptops to Azure joined. We currently have the Office 365 integration as well but only in the License/Role mode. Would it be possible to use Universal Sync in this setup? We do use AAD Connect which I see is not supported by Universal Sync, but does this mean that we cannot have AAD Connect setup at all in order to switch? Or do we have to remove the current on-prem integration to switch?

  • 1 answer
  • 368 views

  • User16594883467582706479 (Customer Support Online Experience)

    Hi, @GavinP.36500 (Customer)​ 

     

    Thank you for posting on our Community page!

     

    Please see the following article on this matter:

    https://support.okta.com/help/s/article/Office-365-Provisioning-Type-Universal-Sync

     

    Main points here:

    • User Sync and Universal Sync can’t be used with Directory Synchronization, Azure Active Directory (AAD) Sync, or Azure Active Directory Connect.
    • Universal Sync also does not support JIT-enabled Active Directory instances.
    • Once Universal Sync is configured, users can no longer be updated directly in Azure AD. Changes must occur at the source of truth and be synced across. In this case, the OnPrem AD domain was selected during the Universal Sync provisioning configuration.
    • If Hybrid AAD Domain Joined devices or access is used or might be used in the future. User Sync or Universal Sync cannot be used.

     

    I’d also suggest to get in touch with your CSM or Account Executive to take a better look at the specific architecture you have in plan and give you a more in depth answer.

     

    Earn Today: New Okta Community Badges Have Arrived

     

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    _____________________________________________________________________________

    Expand Post
This question is closed.
Loading
Question about Universal Sync in a Hybrid Enviroment