
Try using Okta Active Directory PW Sync Agent

Introduction

In this article, I explain the Okta Active Directory PW Sync Agent.

What the Okta Active Directory PW Sync Agent does (hereafter referred to as AD PW Sync Agent)

At first glance, AD PW Sync Agent looks like it synchronizes PWs managed in AD to Okta. In fact, that is not what it does: it pushes AD PW changes to Okta so that they are reflected in the linked SaaS.

By using this function, users can log in with their AD ID/PW, without sacrificing user convenience, to SaaS that is not linked with Okta for SSO.

With AD PW Sync Agent

Operation flow

  1. User import from AD (Delegated Authentication enabled)
  2. User creation in Okta
  3. Provision from Okta to partner SaaS (Sync Password enabled)
  4. Synchronize PW to SaaS
  5. Change target user's PW on AD
  6. AD PW Sync Agent pushes PW changes to Okta
  7. PW change of linked SaaS
  8. Log in with the changed PW when logging in to SaaS

Without AD PW Sync Agent

  1. User import from AD (Delegated Authentication enabled)
  2. User creation in Okta
  3. Provision from Okta to partner SaaS (Sync Password enabled)
  4. Synchronize PW to SaaS
  5. Change target user's PW on AD
  6. The PW change is not pushed to Okta, so the PW used to log in to the SaaS is still the previous PW

*In an environment where AD PW Sync Agent is not deployed, you will need to sign out of Okta and sign back in to change the PW of the linked SaaS.
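
The two flows above, as a simplified model (an added example, not Okta's code and not from the original article). The class and method names are hypothetical, and the user name and passwords are constructed sample values.

```python
# Simplified model of the two flows above; not Okta code. All names are hypothetical.
class Directory:
    """Stands in for AD: the source of truth for the user's PW."""
    def __init__(self):
        self.passwords = {}
        self.agent = None                   # set when AD PW Sync Agent is deployed

    def set_password(self, user, pw):
        self.passwords[user] = pw
        if self.agent:                      # step 6: the agent pushes the change to Okta
            self.agent.push_password(user, pw)

    def verify(self, user, pw):
        return self.passwords.get(user) == pw

class SaaS:
    """A provisioned app that keeps its own copy of the PW (no SSO)."""
    def __init__(self):
        self.passwords = {}

    def login(self, user, pw):
        return self.passwords.get(user) == pw

class Okta:
    """Delegated Authentication to AD, Sync Password enabled for the app."""
    def __init__(self, ad, saas):
        self.ad, self.saas = ad, saas

    def push_password(self, user, pw):      # step 7: update the linked SaaS
        self.saas.passwords[user] = pw

    def sign_in(self, user, pw):
        ok = self.ad.verify(user, pw)       # credential check is delegated to AD
        if ok:
            self.push_password(user, pw)    # an Okta sign-in re-syncs the SaaS PW
        return ok

def run_flow(with_agent):
    """Return (old PW works, new PW works) on the SaaS before/after an Okta sign-in."""
    ad, saas = Directory(), SaaS()
    okta = Okta(ad, saas)
    ad.set_password("alice", "Old-pw-1")    # constructed sample values
    okta.sign_in("alice", "Old-pw-1")       # steps 1-4: SaaS now holds Old-pw-1
    if with_agent:
        ad.agent = okta
    ad.set_password("alice", "New-pw-2")    # step 5: PW changed on AD
    before = (saas.login("alice", "Old-pw-1"), saas.login("alice", "New-pw-2"))
    okta.sign_in("alice", "New-pw-2")       # user signs out of Okta and back in
    after = (saas.login("alice", "Old-pw-1"), saas.login("alice", "New-pw-2"))
    return before, after
```

In this model, `run_flow(False)` shows the previous PW still accepted by the SaaS until the next Okta sign-in, while `run_flow(True)` shows it replaced as soon as the PW is changed on AD.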

AD PW Sync Agent setup procedure

① Download the AD PW Sync Agent installer from Okta management screen > Settings > Downloads

② Start the installer on the Windows server and click Next

③ Enter the URL of the Okta tenant and click Next

Example: https://xxxxx.okta.com

④ Select the folder to download Okta AD PW Sync Agent and click Install

⑤ Since the server needs to be restarted, select either option

⑥ Click the Windows mark, confirm that it has been added, and click

⑦ Select the Okta username format from UPN and SAM Account Name

⑧ Match the username format on the Okta side, and the setup is complete

That's it for the settings.

I'll check to see if it actually works.

① Check the provisioning settings of the linked App (Okta → Enable PW synchronization to App)

② Provision to the App and log in with ID/PW on the SaaS side

③ Change the PW of the target user on the AD side

④ Check again whether login to the SaaS succeeds with the ID/PW after the change

Summary

I think that Okta AD PW Sync Agent is rarely used, but it is a convenient function that lets users log in with their AD ID/PW, without sacrificing user convenience, to SaaS that does not have SSO linkage with Okta. We hope that this article will help you understand it a little more.

If you have any other questions about Okta, please feel free to contact us.

 

Inquiry/Document request

In charge of Macnica Okta Co., Ltd.

Weekdays: 9:00-17:00