Okta Classic Engine | Directories | Answered | 2025-06-11T07:13:07.000Z | 2025-06-09T04:57:07.000Z | 2025-06-11T07:13:07.000Z

ShoichiroK.00155 (LAC Co., Ltd) asked a question.

Okta Active Directory UnlockAccount

Is the delegated authentication function mandatory to enable a feature that allows users locked on the AD side to self-unlock on the Okta side?


  • Paul S. (Okta, Inc.)

    Hello @ShoichiroK.00155 (LAC Co., Ltd), thank you for posting on our Community page!

    Yes, Delegated Authentication is needed. You will also need a few additional settings for this to work; please see below:

    To enable self-service account unlock for AD-locked users via Okta, you need to:

    • Enable Delegated Authentication for your Active Directory integration in Okta.
    • Ensure your Okta AD Agent has the necessary permissions in Active Directory to unlock user accounts. This often requires elevated permissions for the service account running the Okta AD agent (e.g., Domain Admin, though specific, less privileged permissions might be possible depending on your AD setup and Okta version).
    • Configure the Okta Active Directory Policy to allow users to perform self-service account unlock.

    Thank you for reaching out to our Community and have a great day!

    Selected as Best
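
The PowerShell below is an added example, not part of the answer above and not Okta's own code. It delegates to the agent service account only read/write access to `lockoutTime` (the attribute an AD unlock clears) on one OU instead of Domain Admin membership, then verifies the resulting ACE. The account name `svc-okta-ad` and the OU path are placeholders, and whether this right alone is sufficient for your Okta AD agent version is an assumption to confirm against Okta's documentation.

```powershell
# Added example. Placeholders (assumptions, not from the post): account name and OU.
Import-Module ActiveDirectory

$ServiceAccount = 'svc-okta-ad'                 # hypothetical agent service account
$TargetOU       = 'OU=Staff,DC=example,DC=com'  # hypothetical OU holding the users
$Principal      = '{0}\{1}' -f (Get-ADDomain).NetBIOSName, $ServiceAccount

# 1. Flag the over-privileged setup: direct or nested membership in Domain Admins.
$inDomainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.SamAccountName -eq $ServiceAccount }
if ($inDomainAdmins) {
    Write-Warning "$Principal is a Domain Admin; remove it once delegation is verified."
}

# 2. Delegate read/write of lockoutTime on user objects below the OU only.
#    /I:S = inherit to sub-objects, RP/WP = read/write property.
dsacls $TargetOU /I:S /G "${Principal}:RPWP;lockoutTime;user" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# 3. Verify: resolve lockoutTime's schema GUID, then look for the matching ACE.
$schemaNC    = (Get-ADRootDSE).schemaNamingContext
$attr        = Get-ADObject -SearchBase $schemaNC `
                   -LDAPFilter '(lDAPDisplayName=lockoutTime)' -Properties schemaIDGUID
$lockoutGuid = [guid]$attr.schemaIDGUID

$writeProp = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$aces = (Get-Acl -Path "AD:\$TargetOU").Access | Where-Object {
    $_.IdentityReference.Value -eq $Principal -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ObjectType -eq $lockoutGuid -and
    (($_.ActiveDirectoryRights -band $writeProp) -eq $writeProp)
}
if (-not $aces) { throw "No lockoutTime write ACE found for $Principal on $TargetOU" }

# Show what was granted so it can be recorded in the change ticket.
$aces | Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType
```

Run it from a domain-joined host with the RSAT ActiveDirectory module, as an account allowed to modify the OU's ACL.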
This question is closed.