• Go to Directory > Directory Integrations and click the target AD

• ImportタブにてImport Nowをクリック

• You can choose the import method, select Incremental Import or Full Import and click Import

• Click OK when the number of scanned users and groups is displayed.

• Check the users to import and click Confirm Assignments​

• Check Auto-activate users after confirmation and click Confirm​

* By checking Auto-activate users after confirmation, the target user will be activated on Okta.

• Confirm that the imported users are displayed in the Assignments tab

• Confirm that the applicable user can log in

• Navigate to Directory > Directory Integrations and click the target AD.

• Select To Okta in the Provisioning tab and click Edit.

• Check Create and Update users on login to enable JIT provisioning.

• Click Save​

*You can set it so that manual import is not performed by checking Skip users during import in Do not import users

• Log in to Okta portal as a user on AD.

• Confirm that you can log in and that the user information is the same as on AD.

• Confirm that the new user has been added on the administrator screen as well.

• Go to the target AD setting screen and click Edit in To Okta on the Provisioning tab.

*It is possible to periodically link AD user information only for users newly created from AD to Okta manually or by JIT. It can be updated manually by the user or at JIT timing.

• Select the import timing from "Never" in the Schedule import item and click Save.

*In the above example, the timing is selected as "Every 6 hours"

• Move to the Directory > Profile Editor screen.

• Click Okta Profile to add attributes for the Okta user's profile.

• Click +Add Attribute in the Attribute item.

• Enter the following items and click Save. (When string is selected for Data type)

• Display name

• Variable name

*Description can be entered arbitrarily. Other items can be set according to the conditions of attribute information.

• Return to Okta's Profile information screen. Click Custom in the Attributes item to check the added attributes.

• Confirm the contents of the added attribute, and the attribute addition setting is completed.

*Added attributes can be edited by clicking 🖊

• Move to the Directory > Profile Editor screen and click Mappings of the target AD.

• You can configure the mapping between AD and Okta, in the AD to Okta User tab, scroll down to the added attributes section.

• Set the AD attribute content to correspond to the corresponding Okta attribute and click Save Mappings.

*In the above example, set so that "lastName + firstName" on the AD side is mapped to the added attribute "test" on the Okta side (AD side lastName: sato, firstName: taro → Okta side test: sato taro)

• A message indicating that the mapping has been set will be displayed, and you will be asked whether or not to update the contents. Click Apply updates now.

• Move to the Directory>People screen and click the AD master user.

• Confirm that the corresponding attribute value is reflected in the Profile tab of the target user, and the setting is complete.

The AD master user profile cannot be changed from the Okta admin screen by default. It can be edited by clicking the edit button of the target attribute value from the Attributes tab of Okta Profile in Directory>Profile Editor and changing "Inherit from profile master" to "Inherit from Okta" in Master priority.

• Go to Security > Authentication.

• Select Active Directory Policy on the Password tab and click Add Rule at the bottom.

• Enter the Rule Name, check the items you want Okta to implement, and click Create Rule.

• change password
• perform self-service password reset
• perform self-service account unlock

• If the created new rule is added, the setting is complete.

• Confirm that it is possible to reset the password and unlock the account of the AD mastered user from the Okta administrator screen, and that it is possible to change the password from the Okta portal setting screen of the corresponding user.