Simplify and accelerate Microsoft deployments
Organizations can achieve simple and fast Microsoft deployments using Okta’s turnkey, vendor-neutral identity solution. Here are some of the ways Okta can solve business challenges around AD integration.
Easy and powerful identity federation from Active Directory
Okta integrates with Active Directory using lightweight agents that run on any Windows machine with read access to the domain controller and require no changes to firewall settings. Okta supports delegated authentication, provisioning and deprovisioning, directory sync, and AD password management. Changes made in either Active Directory or Okta are synchronized incrementally in both directions. An administrator can deactivate a user in Okta Universal Directory, and the user’s record in Active Directory will also be deactivated instantly.
Efficient domain consolidation
When mergers and acquisitions bring different companies and their resources together, consolidating domains, tools, and approaches to security can be a challenge. A modern, cloud-based approach can speed up and simplify this process. Existing users and groups from AD and LDAP can be imported into Okta, where attributes can be transformed and manipulated, and logic can be applied, to ensure data is clean and reconciled during the process.
Organizations can use Okta to connect an unlimited number of directories, consolidate users and groups from untrusted forests, and synchronize them all to a central Active Directory. Okta will manage these directories from a central admin console. Then, once the user is authenticated to the AD domain, Okta will authenticate them into the cloud and to the applications they need.
No credentials stored in the cloud, no out-of-sync passwords
When Okta is configured for delegated authentication to Active Directory, no AD credentials are stored in the cloud, and passwords never get out of sync. Unlike Windows Azure Active Directory and on-premises Azure AD Connect (DirSync), Okta maintains continuous connectivity with AD through its on-premises agents. When an AD user logs in, Okta agents check the password stored in AD in real time.
Easy password reset
It doesn’t matter whether the user’s account is mastered in Active Directory or in the Okta Universal Directory. If a user changes their password via their Windows PC or an on-premises password management tool, Okta instantly uses that new password. Users can also change or reset their password through the Okta portal.