
Prepare an OU for AD users you will import to Okta


This procedure is performed in Active Directory Users and Computers, not in ZeroTek or Okta. Before importing users to Okta, verify that all users in the target organizational unit (OU) meet the import requirements below.

ROLE REQUIRED

Administrator on the Domain Controller

BEFORE YOU BEGIN

This is the first procedure in the Okta-AD Integration guide and assumes you have considered your user mastery and Delegated Authentication strategy.

User import requirements

All on-premises AD users that will be imported to Okta must meet the following requirements:

  • Located in an OU that contains no groups. The default Users OU typically meets this requirement and is a good starting point.

  • Associated with people who currently log in to on-premises AD. Do not import service accounts or shared accounts at this stage.

  • Have both a First Name and Last Name attribute. Users without both attributes will not be imported.

  • Have an Email attribute populated with the user's current, active email address.

  • Have a consistent User Principal Name (UPN) format across all users in the OU, for example firstname.lastname@example.com or flastname@example.com. The format you choose does not matter; consistency across all users does. A standardized UPN format reduces potential issues and supports a more robust integration with Okta.

NOTE

Users in a disabled or locked state will not be imported to Okta. Resolve any disabled or locked accounts before proceeding if those users should be imported.

Steps

  1. In the Active Directory Users and Computers snap-in, navigate to the OU that will be imported to Okta.

  2. Open each user account to verify it meets the import requirements above.

  3. For each user, confirm the following attributes are populated and click OK to close the user when done:

    • First name

    • Last name

    • E-mail (verify the UPN format is consistent with all other users in the OU)

    Update any missing or inconsistent fields before proceeding. Repeat for all users in the OU.
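
For OUs too large to check by hand, the same requirements can be audited with a read-only script. The following is an added example, not part of the original guide or of Okta's tooling; it assumes the RSAT ActiveDirectory PowerShell module is installed, and the OU distinguished name is a placeholder. It treats the most common UPN format in the OU as the standard and flags the rest.

```powershell
# Added example: read-only audit of an OU against the import requirements above.
# Assumes the RSAT ActiveDirectory module; $OU is a placeholder DN.
Import-Module ActiveDirectory
$OU = 'OU=OktaImport,DC=example,DC=com'   # placeholder, replace with your OU

# Requirement: the OU contains no groups.
$groups = @(Get-ADGroup -Filter * -SearchBase $OU -SearchScope Subtree)
if ($groups.Count -gt 0) {
    Write-Warning "OU contains $($groups.Count) group(s): $($groups.Name -join ', ')"
}

$props = 'GivenName', 'Surname', 'EmailAddress', 'LockedOut'
$users = @(Get-ADUser -Filter * -SearchBase $OU -SearchScope Subtree -Properties $props)

$report = foreach ($u in $users) {
    # Classify the UPN local part against the two formats named in the guide.
    $local = ($u.UserPrincipalName -split '@')[0]
    if (-not $local -or -not $u.GivenName -or -not $u.Surname) {
        $format = 'unknown'
    }
    elseif ($local -eq "$($u.GivenName).$($u.Surname)") {
        $format = 'firstname.lastname'
    }
    elseif ($local -eq "$($u.GivenName[0])$($u.Surname)") {
        $format = 'flastname'
    }
    else {
        $format = 'other'
    }

    $issues = @()
    if (-not $u.GivenName)    { $issues += 'missing First Name' }
    if (-not $u.Surname)      { $issues += 'missing Last Name' }
    if (-not $u.EmailAddress) { $issues += 'missing Email' }
    if (-not $u.Enabled)      { $issues += 'disabled' }
    if ($u.LockedOut)         { $issues += 'locked' }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        UPN            = $u.UserPrincipalName
        UpnFormat      = $format
        Issues         = $issues -join '; '
    }
}

# The most common UPN format is treated as the OU's standard; others are flagged.
$standard = ($report | Group-Object UpnFormat | Sort-Object Count -Descending |
    Select-Object -First 1).Name
$report | Where-Object { $_.Issues -or $_.UpnFormat -ne $standard } |
    Format-Table -AutoSize
```

An empty table means every user passed the attribute, state and UPN checks; whether an account is a service or shared account still has to be judged manually.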

NEXT STEPS

Completing the on-premises AD integration? Continue to Compare the governing password policies in Okta and Active Directory.
