We are importing users and groups from AD to Okta. There are 4 AD domain / Okta integrations, each running on an hourly import schedule. Recently, a scheduled domain import ran and began removing active users from their AD-sourced groups in Okta despite being assigned to those groups in AD, and belong to a separate domain in AD.
Things that we confirmed:
The User OUs and Group OUs are synced from AD to Okta
The AD-sourced users and AD-sourced groups exist in Okta
The active users are assigned to the corresponding groups in AD
What could be the cause of this?
Screenshot of unexpected group membership removal:
Thank you for reaching out here on the Okta Developer Forum. We noticed that your question is more closely related to Active Directory Integrations. To ensure you receive the most accurate and timely assistance, we recommend reposting your query on Okta’s Community at: Okta Help Center (Lightning)
Okta’s teams on the Community are better equipped to provide the comprehensive support and guidance you need as they have the specialised knowledge and expertise in AD Integrations.
We appreciate your understanding and are committed to ensuring you receive the best possible support. If you have any other questions or issues related to Okta’s developer tools and API’s, feel free to post them here, and we’ll be happy to assist!
