Need help choosing Okta products

Hey everyone,

New to Okta here.

My company is building out a new on-prem AD infrastructure, and we want to sync that with Okta. We will also be using that same Okta instance (synced with our AD) for SSO to authenticate with other 3rd party apps (Dropbox, Slack, Zoom, etc.).

Is Okta Cloud Identity the product we need, or are there additional products we need, in order to keep our Okta instance synced with our on-prem AD servers?

Thank you!

You’d need to install AD agents at least. Further improvements may include DSSO for WNA.

Hi @monkthecat

To connect your Active Directory with Okta, you will require, as @phi1ipp mentioned, the Active Directory agent. This agent communicates on port 443 (https) and allows Okta to bring your users from Active Directory and provision them or single sign-on them to your 3rd party apps.

Thanks @phi1ipp and @dragos

Does the AD Agent need to be installed on just one DC, or all of the ones we have? And does inbound port 443 need to be open on a WAN facing NIC on our server for this to work?

Better to install on a few, just for high availability. You don’t need to open inbound; the agent polls Okta for events.

Ahh great, thank you @phi1ipp.

So if I 1) sign up for Okta Universal Directory, and 2) install the AD Agent on our DCs, that should allow SSO from desktop, using AD accounts in our domain? Or are there other bits needed (you mentioned DSSO for WNA)?

Desktop SSO is a bit more complex beast and requires more configuration steps, but in general “yes”, you will be able to with the new “agentless DSSO” approach.

I recommend you go through the documentation and study what it requires: https://help.okta.com/en/prod/Content/Topics/Directory/ad-desktop-sso-main.htm

@phi1ipp great, thanks for the links and the help!
