
sz497 (sz497) asked a question.
Hello. Our Active Directory domain has several aliases for UPN, username format: lastname.name@one_of_the_aliases, i.e. smith.jerry@alias1.com
After pushing a user from Okta to Active Directory, the Agent creates the user, but this user cannot be used.
1) the UPN alias is unset
2) the AD user "must change user on net logon"
3) the password looks like it is not synced (but the checkbox in Okta is set)
Manually fixing these three issues makes the user correct and usable.
How can I fix this and make one-way pushing of users from Okta to AD usable?
Many thanks.

Hello @sz497 (sz497). Thank you for posting on our Community page!
For the UPN issue, that should be resolved from the Profile Master; make sure that the correct value is set and set up. There should not be any problem having that value pushed from Okta.
Please see the article below for a guide on how to achieve this:
https://help.okta.com/asa/en-us/content/topics/adv_server_access/docs/ad-user-manage.htm
For the password issue, please see the articles below, which should resolve your problem:
https://support.okta.com/help/s/article/FirstTime-Login-For-Users-Pushed-from-Okta-to-Active-Directory?language=en_US
https://help.okta.com/en-us/content/topics/directory/security_using_sync_password.htm?cshid=ext_Security_Using_Sync_Password
Thank you for reaching out to our Community and have a great day!
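
A read-only check for the three symptoms listed in the question, as an added example that is not part of the original thread or of Okta's documentation. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; `Test-PushedAdUser` is a hypothetical helper name and `smith.jerry` is a placeholder sAMAccountName.

```powershell
# Added example: inspect one Okta-provisioned account without modifying it.
Import-Module ActiveDirectory

function Test-PushedAdUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName
    )

    $user = Get-ADUser -Identity $SamAccountName `
        -Properties UserPrincipalName, pwdLastSet, PasswordLastSet, whenCreated

    # Suffixes a UPN may legitimately carry in this forest:
    # the DNS names of its domains plus the alternative UPN suffixes (the "aliases").
    $forest   = Get-ADForest
    $suffixes = @($forest.Domains) + @($forest.UPNSuffixes)

    $upn       = $user.UserPrincipalName
    $upnSuffix = if ($upn -and $upn.Contains('@')) { $upn.Split('@')[-1] } else { $null }

    [pscustomobject]@{
        SamAccountName    = $user.SamAccountName
        UserPrincipalName = $upn
        # Symptom 1: UPN missing, or carrying a suffix the forest does not know.
        UpnIsSet          = [bool]$upn
        UpnSuffixKnown    = [bool]($upnSuffix -and ($suffixes -contains $upnSuffix))
        # Symptom 2: pwdLastSet = 0 is how AD stores
        # "User must change password at next logon".
        MustChangeAtLogon = ($user.pwdLastSet -eq 0)
        # Symptom 3: AD cannot show whether the password matches Okta's,
        # only when it was last written. Empty here means it was never
        # set, or the change-at-logon flag above is on.
        PasswordLastSet   = $user.PasswordLastSet
        Enabled           = $user.Enabled
        WhenCreated       = $user.whenCreated
    }
}

# Placeholder account name; replace with a user pushed from Okta.
Test-PushedAdUser -SamAccountName 'smith.jerry'
```

Running it right after a push, and again after the manual fix, shows which of the three attributes the provisioning settings leave in the wrong state.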