Reverse synchronization from Okta to AD ~For future AD abolition~

Introduction

In this post, I will explain the procedure for synchronizing users from Okta to AD.

Overview of Okta-AD integration

Synchronization from AD to Okta

This is the commonly used configuration: AD is the ID master, and users are synchronized from AD to Okta.

In this case, you can manage user attributes in AD, and enable Delegated Authentication to log in to Okta using your AD password.

Synchronization from Okta to AD

This is reverse synchronization, which is what this post explains.

In this case, another identity management system becomes the identity master, and AD users can be managed from that identity management system or from Okta.

If you plan to abolish AD in the future, this lets you take the first step.

Setup steps

Prerequisite: The AD Agent has already been installed, and the integration between Okta and AD has been established.

① Okta management screen > Directory > Directory Integrations > Select the target AD

② Select the Provisioning tab > Settings > To App (Okta to AD settings)

③ Click Edit and check the options as needed

④ Move to the settings screen of the user or group you want to synchronize (a group is selected this time)

⑤ Directories > Manage directories > Select the target AD and click Next

⑥ On the screen that is displayed, set Username format, the synchronization target OU, and Custom Attribute, then click Confirm Changes.

⑦ Confirm that the target AD is assigned to the Directories item on the group setting screen

⑧ Move to the target AD > Assignments screen and check if there is an error

⑨ Check the OU to be synchronized on the AD side, confirm that it is synchronized, and finish
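
The checks in steps ⑧ and ⑨ can also be scripted. The following is an added example, not code from this blog or from Okta: it compares the members of the Okta group with the users found in AD and reports what does not line up. It assumes the Username format maps the Okta login to the AD userPrincipalName and that the target OU holds only users provisioned from this group; the OU name, domain and all records are constructed sample data.

```python
ACCOUNTDISABLE = 0x2  # userAccountControl bit set on a disabled AD account

def in_ou(dn, ou_dn):
    """True if the object's DN lies under ou_dn (DNs compare case-insensitively)."""
    return dn.lower().endswith("," + ou_dn.lower())

def reconcile(okta_members, ad_users, target_ou):
    """Return sorted (upn, finding) pairs; an empty list means the sync is clean."""
    ad_by_upn = {u["userPrincipalName"].lower(): u for u in ad_users}
    # Assumption: the Username format maps the Okta login to the AD UPN.
    okta_logins = {m["profile"]["login"].lower() for m in okta_members}
    findings = []
    for login in okta_logins:
        ad = ad_by_upn.get(login)
        if ad is None:
            findings.append((login, "missing_in_ad"))      # not provisioned (yet)
        elif not in_ou(ad["distinguishedName"], target_ou):
            findings.append((login, "outside_target_ou"))  # account exists elsewhere
        elif ad["userAccountControl"] & ACCOUNTDISABLE:
            findings.append((login, "disabled_in_ad"))     # assigned but disabled
    for upn, ad in ad_by_upn.items():
        # Accounts inside the target OU that the Okta group does not cover.
        if in_ou(ad["distinguishedName"], target_ou) and upn not in okta_logins:
            findings.append((upn, "not_in_okta_group"))
    return sorted(findings)

# Constructed sample data standing in for an Okta group export and an AD listing.
TARGET_OU = "OU=OktaSynced,DC=corp,DC=example,DC=com"
OKTA_GROUP_MEMBERS = [{"profile": {"login": name + "@example.com"}}
                      for name in ("alice", "bob", "carol", "dave")]
AD_USERS = [
    {"userPrincipalName": "Alice@example.com", "userAccountControl": 512,
     "distinguishedName": "CN=Alice,OU=Sales," + TARGET_OU},
    {"userPrincipalName": "carol@example.com", "userAccountControl": 512,
     "distinguishedName": "CN=Carol,OU=Legacy,DC=corp,DC=example,DC=com"},
    {"userPrincipalName": "dave@example.com", "userAccountControl": 514,
     "distinguishedName": "CN=Dave," + TARGET_OU},
    {"userPrincipalName": "eve@example.com", "userAccountControl": 512,
     "distinguishedName": "CN=Eve," + TARGET_OU},
]

if __name__ == "__main__":
    for upn, finding in reconcile(OKTA_GROUP_MEMBERS, AD_USERS, TARGET_OU):
        print(f"{finding:18} {upn}")
```

An empty result corresponds to a clean Assignments screen in step ⑧ and a fully synchronized OU in step ⑨.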

Summary

Did this blog help you understand reverse synchronization from Okta to AD?
If you have even the slightest interest in this, please feel free to contact us.

Please look forward to group push from Okta to AD!
