Hey all, we have set up Okta to master AD and we have to remove the assignment of it for one user...


Hey all, we have set up Okta to master AD and we have to remove the assignment of it for one user as it was not provisioning correctly, and now we want to add him back, but I don't see a place to add him.



13 replies

The people were being added automatically to a group and then that group pushed to AD. That person is still in the group but not being pushed now.

When you say you don't see a place to add him, what place are you looking? And it sounds like you're using group rules for the assignment?

I am looking in Directory Integration

assignments tab

there is no

It looks like this

I think you add this person manually and then on the next sync with AD, it should link the two accounts. At least that's how I've seen it work with other integrations.

Yeah, you might need to force the sync between AD and Okta, then make sure the two are matched correctly. Okta may look at it as a conflict issue.

I found that we’ve had to remove the user from the group that’s being used to sync Okta with AD. This allows us to recreate the AD object by deactivating the user in Okta then activating again, adding the user to the provisioning group, then syncing the push group under Directory Integration.

Yeah, this is what I was hoping to avoid. When you have so much automation, it just creates havoc across downstream apps.

There’s always a trade-off with automation. If done correctly, it should pay off in the long run. But I hear ya, sometimes it seems like playing a game of whack-a-mole with some of this stuff.

If you’re using Group Rules, watch out for any active users that may be excluded.

Was exactly what I thought @mgosto
