We're Hiring

Corporate Account Executive (BENELUX)
Sr. Customer Success Manager
Sr. Technical Consultant, Professional Services
Sr. Manager, Partner Marketing (EMEA)
Senior Accountant
Developer Evangelist
Director of Product Management for Reporting and Big Data Applications
Director/Sr Manager of Product Management, Microsoft Technology and Integrations
Lead UX Researcher
Senior Product Manager, Enterprise Mobility
Senior Product Manager, User Experience and Growth
Technical Marketing Manager
UX Designer
Sr. Customer Success Manager
Sr. Technical Instructor
Director, Sales Strategy & GTM Operations
Sales Operations Analyst
Sales Operations Manager
Sr. Data Analyst
Sr. Data Analyst (Marketing)
Sr. Data Engineer
Cloud Enterprise Architect
Integrations Services Manager
Sr. Technical Consultant
QA Manager
Quality Engineer - Mobile (Sr./Staff/Principal)
Quality Engineer - Mobile (Sr./Staff/Principal)
Site Reliability Engineer (Sr./Staffing/Principal)
Software Architect
Software Engineer - Core Technology (Sr./Staff/Principal)
Software Engineer - Directories Platform
Software Engineer - Federations Platform
Software Engineer – Mobility Management (Principal/Architect)
Software Engineer - O365 Identity Management (Sr./Staff/Principal)
Software Engineer - O365 Identity Management (Sr./Staff/Principal)
Software Engineer - O365 Identity Management (Sr./Staff/Principal)
Software Engineer - Office 365 Okta Cloud Connect (Sr./Staff/Principal)
Software Engineer - Performance (Sr./Staff/Principal)
Software Engineer - Security (Sr./Staff/Principal)
Software Engineer - Security (Sr./Staff/Principal)
Software Engineer - UI Mobility Management
Software Engineer - UI/Data Visualization (Sr./Staff/Prin.)
Software Engineer - Universal Directory (Sr./Staff/Principal) SF/Seattle/Austin/Toronto
Software Engineer in Test - O365 Identity Management
Information Security Engineer/Sr Information Security Engineer
Sr. Penetration Testing Engineer
IT Support Engineer
Principal/Sr. Systems Architect
Commercial Contracts Attorney
Sr. Manager, Field Marketing
Corporate Account Executive
Enterprise - Regional Sales Manager (Denver)
Field Account Executive - Rocky Mountains/Desert
Sales Development Representative
Sales Engineer
Sr. Sales Engineer
Technical Support Engineer
Director, Business Development - ISV Partner Ecosystem

Simple, Comprehensive, Robust

Extend Active Directory & LDAP to the Cloud

More Active Directory Resources


Okta's Active Directory Integration



Okta Directory Integration - An Architecture Overview



Three Ways to Integrate Active Directory with Your SaaS Applications



Three Ways to Extend Active Directory to Your Cloud Apps

Watch Now

In the majority of enterprises, Microsoft’s Active Directory (AD) is the authoritative user directory that governs access to key business applications. SaaS applications were developed with their own native user directories and because they run outside of the firewall, are typically beyond the reach of Active Directory. As a result users have to remember multiple usernames and logins and IT has to create, manage and map user accounts in AD and across their SaaS applications. Clearly these applications must be integrated with Active Directory in order to accelerate their adoption.

Okta offers the industry’s most complete, robust and easy to use Active Directory single sign-on integration.

Active directory SSO set up and configuration

Active directory SSO set up and configuration

Simple Set Up and Configuration

Enabling Active Directory single sign-on integration is a simple, wizard driven process. With the click of a button from the Okta administrative console you can download the Okta Active Directory agent and install it on any Windows Server that has access to your Domain Controller. Once installed you simply enter your Okta URL and credentials and the agent securely establishes a connection with your Okta instance — no network or firewall configuration required.

The rest of the configuration takes place centrally from the Okta administration console and covers setting up the AD integration account, specifying the target OUs and determining the schedule for ongoing user imports.

Learn more - Okta's Active Directory Integration Architectural Overview Whitepaper

Active directory SSO synchronization

Active directory SSO synchronization

Intelligent User Synchronization

Once the agent is installed and the initial user import takes place Okta intelligently processes the results. Matching algorithms are applied to analyze the incoming AD users and determine if there is a match to existing Okta users or to accounts that you have imported from other SaaS systems. Future user imports can be scheduled or performed on demand.

Active directory SSO authentication

Active directory SSO authentication

Robust Delegated Authentication

Okta’s Active Directory single sign-on integration also allows you to delegate the authentication into Okta, to your on-premises AD Domain. Users can easily log into Okta using their Okta username and active directory password.

As this feature governs user access into Okta, the architecture also support multiple Okta AD agents running in your environment to provide higher throughput, redundancy and thus greater availability. If one of the agents stops running or loses network connectivity, the authentication requests are simply routed to the other agents.

Integrated Desktop Single Sign-On

Okta leverages Microsoft’s Integrated Windows Authentication to seamlessly authenticate users to Okta that are already authenticated with their Windows domain. You simply download and install Okta’s IWA web application, configure the relevant IP ranges, and the setup is complete.

Both Mac and PC users can simply log into their corporate network once and access any cloud application with a single click. No additional usernames or passwords required, just like on-premises apps.

Security Group Driven Provisioning

Through the use of Active Directory security groups, Okta can automatically provision applications to users. Just add a user to AD, place them in a security group, and when synchronized with Okta that user will be added, and an account in the application mapped to that security group will be automatically provisioned on their behalf.

One Click Deprovisioning

User deactivation is typically triggered from a corporate identity store such as Active Directory. With Okta’s Centralized Deprovisioning, deactivating a user in AD initiates a deprovisioning workflow immediately to ensure maximum effectiveness in preventing rogue access to Okta and other cloud applications.

Self Service Password Reset

Your users can also change their Active Directory password via Okta. When a user's AD password expires or is reset they will automatically be prompted to change it the next time they log in to Okta. Users can also proactively change their AD password directly from the account tab on their Okta homepage, and Okta keeps all of these credentials synchronized with AD.


November 2 - 4, Las Vegas

Industry leading identity and mobility conference designed to showcase best practices for cloud and mobile adoption.

Save $200

Early Bird Price Expires August 31

Register Now