We're Hiring

Engineering Manager - Toronto
Software Engineer - UI Integration Infrastructure-Senior/Staff/Principal
Corporate Account Executive (BENELUX)
Sr. Manager, Partner Marketing (EMEA)
Sr. Mgr, Business Development
Director of Product Management for Reporting and Big Data Applications
Director/Sr Manager of Product Management, Microsoft Technology and Integrations
Lead UX Researcher
Vice President, Product Marketing
Customer Success Manager
Developer Support Engineer
Sr. Customer Success Manager
Sr. Customer Success Manager
Sr. Customer Success Manager
Technical Instructor
Data Engineer
Cloud Enterprise Architect
Integrations Services Manager
Sr. Technical Consultant, Professional Services
Sr. Technical Consultant, Professional Services
Sr. Technical Consultant, Professional Services
Sr. Technical Consultant, Professional Services
Sr. Technical Consultant, Professional Services
Technical Manager, Professional Services
Engineering Manager - San Francisco
Engineering Manager - Seattle/Bellevue
Engineering Program Manager (Regulatory Compliance)
Principal Site Reliability Engineer
QA Manager
Quality Engineer - Mobile (Sr./Staff/Principal)
Quality Engineer - Mobile (Sr./Staff/Principal)
Site Reliability Operator
Software Architect
Software Engineer - Core Technology (Sr./Staff/Principal)
Software Engineer - Directories Platform
Software Engineer - Enterprise Mobility (Lead/Principal)
Software Engineer - Federations Platform
Software Engineer - Integration Infrastructure (Senior)
Software Engineer - Mobility Management - Server (Sr./Staff/Principal)
Software Engineer - O365 Identity Management (Sr./Staff/Principal)
Software Engineer - O365 Identity Management (Sr./Staff/Principal)
Software Engineer - Office 365 Okta Cloud Connect (Sr./Staff/Principal)
Software Engineer - Office 365 Okta Cloud Connect (Sr./Staff/Principal)
Software Engineer - Performance (Sr./Staff/Principal)
Software Engineer - Security (Sr./Staff/Principal)
Software Engineer - UI - Adaptive Authentication (Sr./Staff/Prin.)
Software Engineer - UI/Data Visualization (Sr./Staff/Prin.)
Software Engineer - Universal Directory (Sr./Staff/Principal) SF/Seattle/Austin/Toronto
Software Engineer - User Management Integrations
Software Engineer in Test - Analytics & Reporting (Sr./Staff/Principal)
Software Engineer in Test - O365 Identity Management
Software Engineer in Test - UI/Selenium (Sr./Staff/Principal)
Software Engineer-Windows Device Management (Lead/Principal)
Information Security Analyst - Cloud
Information Security Engineer/Sr Information Security Engineer
Sr. Penetration Testing Engineer
Contract Sales Recruiter
Contract Technical Recruiter
Contract Technical Sourcer
Field Marketing Specialist
Sr. Copywriter & Content Marketing Manager
Sr. Field Marketing Manager
Corporate Account Executive
Enterprise - Platform Overlay West
Enterprise - Regional Sales Manager (Atlanta)
Enterprise - Regional Sales Manager (Denver)
Enterprise - Regional Sales Manager (Kansas City or St. Louis)
Enterprise - Regional Sales Manager (NYC)
Enterprise - Regional Sales Manager, Atlanta
Manager of Sales Development
Sales Development Representative
Sales Engineer
Sr. Sales Engineer
Sr. Sales Engineer
Sr. Sales Engineer
Sr. Sales Engineer
Technical Support Engineer

Simple, Comprehensive, Robust

Extend Active Directory & LDAP to the Cloud

More Active Directory Resources


Okta's Active Directory Integration



Okta Directory Integration - An Architecture Overview



Three Ways to Integrate Active Directory with Your SaaS Applications



Three Ways to Extend Active Directory to Your Cloud Apps

Watch Now

In the majority of enterprises, Microsoft’s Active Directory (AD) is the authoritative user directory that governs access to key business applications. SaaS applications were developed with their own native user directories and because they run outside of the firewall, are typically beyond the reach of Active Directory. As a result users have to remember multiple usernames and logins and IT has to create, manage and map user accounts in AD and across their SaaS applications. Clearly these applications must be integrated with Active Directory in order to accelerate their adoption.

Okta offers the industry’s most complete, robust and easy to use Active Directory single sign-on integration.

Active directory SSO set up and configuration

Active directory SSO set up and configuration

Simple Set Up and Configuration

Enabling Active Directory single sign-on integration is a simple, wizard driven process. With the click of a button from the Okta administrative console you can download the Okta Active Directory agent and install it on any Windows Server that has access to your Domain Controller. Once installed you simply enter your Okta URL and credentials and the agent securely establishes a connection with your Okta instance — no network or firewall configuration required.

The rest of the configuration takes place centrally from the Okta administration console and covers setting up the AD integration account, specifying the target OUs and determining the schedule for ongoing user imports.

Learn more - Okta's Active Directory Integration Architectural Overview Whitepaper

Active directory SSO synchronization

Active directory SSO synchronization

Intelligent User Synchronization

Once the agent is installed and the initial user import takes place Okta intelligently processes the results. Matching algorithms are applied to analyze the incoming AD users and determine if there is a match to existing Okta users or to accounts that you have imported from other SaaS systems. Future user imports can be scheduled or performed on demand.

Active directory SSO authentication

Active directory SSO authentication

Robust Delegated Authentication

Okta’s Active Directory single sign-on integration also allows you to delegate the authentication into Okta, to your on-premises AD Domain. Users can easily log into Okta using their Okta username and active directory password.

As this feature governs user access into Okta, the architecture also support multiple Okta AD agents running in your environment to provide higher throughput, redundancy and thus greater availability. If one of the agents stops running or loses network connectivity, the authentication requests are simply routed to the other agents.

Integrated Desktop Single Sign-On

Okta leverages Microsoft’s Integrated Windows Authentication to seamlessly authenticate users to Okta that are already authenticated with their Windows domain. You simply download and install Okta’s IWA web application, configure the relevant IP ranges, and the setup is complete.

Both Mac and PC users can simply log into their corporate network once and access any cloud application with a single click. No additional usernames or passwords required, just like on-premises apps.

Security Group Driven Provisioning

Through the use of Active Directory security groups, Okta can automatically provision applications to users. Just add a user to AD, place them in a security group, and when synchronized with Okta that user will be added, and an account in the application mapped to that security group will be automatically provisioned on their behalf.

One Click Deprovisioning

User deactivation is typically triggered from a corporate identity store such as Active Directory. With Okta’s Centralized Deprovisioning, deactivating a user in AD initiates a deprovisioning workflow immediately to ensure maximum effectiveness in preventing rogue access to Okta and other cloud applications.

Self Service Password Reset

Your users can also change their Active Directory password via Okta. When a user's AD password expires or is reset they will automatically be prompted to change it the next time they log in to Okta. Users can also proactively change their AD password directly from the account tab on their Okta homepage, and Okta keeps all of these credentials synchronized with AD.

Enterprise-grade identity & mobility management for all your apps, users & devices

Try Okta Free