Skip to main content

Configure basic settings and the user profile

Part of the Okta-AD Integration guide

In the Okta-AD integration wizard, the final two steps are to:

  • Configure Basic Settings β€” identify OUs for import to Okta

  • Build User Profile β€” identify the AD user attributes to include when building Okta accounts for imported AD users

BEFORE YOU BEGIN

This procedure assumes you have just configured the Okta AD Agent settings and returned to the open Okta session. When you completed the Okta AD agent installation, Okta displayed a confirmation that the AD agent had started. If you have not already done so, click Next to proceed to Basic Settings.

Configure Basic Settings

  1. The integration wizard has progressed to Basic Settings. Under Select the Organizational Units (OUs) that you'd like to sync Users from, all OUs are selected by default. Clear the checkbox at the domain level to deselect all.

  2. Select only the OU or OUs that contain the AD users you prepared for import. For most MSPs, this will be the default Users OU.

  3. Under Select the Organizational Units (OUs) that you'd like to sync Groups from, clear the checkbox at the domain level to deselect all.

  4. Select an OU that does not contain any groups. For most MSPs, this will be the default Users OU.

  5. For Okta username format, leave the default of User Principal Name (UPN). Click Next.

  6. The Okta AD Agent is now configured to import AD users from the OU(s) you specified. Click Next.

Build User Profile

  1. The integration wizard has progressed to Build User Profile, which identifies the AD user attributes used to build Okta user accounts for imported AD users. The attributes listed in the Base Schema:

    • Are required for Okta-AD sync

    • Cannot be modified

    • Are sufficient for most MSPs

    If you select additional AD attributes to sync to Okta user accounts, they will appear under Custom Schema.

  2. Most MSPs should leave the default Base Schema and click Next without creating a custom schema.

  3. Click Done.

IMPORTANT

Ignore the Next Steps listed on the Okta confirmation screen. These instructions are not appropriate actions for MSPs.

NEXT STEPS

As part of the Okta-AD Integration guide, you should now Disable Delegated Authentication.

Related Articles
Okta-AD Integration guide
Prepare an OU for AD users you will import to Okta
Update an AD user from ZeroTek
AD users are not appearing in the Okta import
Okta-M365 Integration guide
Did this answer your question?