JamesC.77289 (Customer) asked a question.
I have a trial account just in case that matters. The flow involves a custom application that manages contractors and creates accounts in Okta as "Staged". Groups, rules, and directory integration map each user into the correct OU on AD. Problem one is that only "Active" accounts are provisioned and pushed to AD, correct? But they want the account in AD so that they can push it to Entra, create mailboxes, etc and feed that all back through AD into Okta which is as far as I can tell, not possible if Okta is authoritative. Once that's done they want to set the account to Active but of course it would have to already be Active to get it into AD in the first place.
Is there some magic that I'm missing?
Hi @JamesC.77289 (Customer) , Thank you for reaching out to the Okta Community!
Provisioning "staged" users to AD works. Please check this documentation for details (tl;dnr: user provisioned but as "disabled" in AD).
After that you should be able to configure "Attribute Level Mastering / Attribute Level Sourcing", allowing you to set up just certain attributes that you want to pull from AD to Okta.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
Just released: More Okta Community badges just added