For Okta to work, the student's AD account must be
- enabled in AD
- not expired in AD
- located in the AD OU=current semester, or OU=Google Account
- the account must be marked "active" in the Okta directory console.
- valid synch has occurred between AD and Okta
Verify the first 4 items. If any of of these are not true, then:
Ensure that you:
- Move the account into the correct OU in AD.
- Verify the account is not expired in AD
- Verify the account is enabled in AD.
- Verify the account is marked active in Okta.
If 1-3 are correct, and the account was marked in 'deactivated' in Okta then delete it in Okta and run a partial import in OKTA so that it can be re-created by the synch
If 1-3 are correct and the account is not listed in Okta then run a partial import in Okta.
If a partial import does not fix the problem, then discuss with Tier 3 to arrange a full import. A full import will lock up additonal changes for up to 3-4 hours.
Starting 12/15/2020, Tier 1, 2, 3 will be notified by email everytime an Okta synch occurs. Do not initiate any synch if one is already in progress. Partial synch takes 20 minutes or less.
Check with the team before performing an incremental import, to avoid running more than one at the same time.
Thad has to approve the full import ONLY when AD account is in the right place, and enabled, but not being picked up during incremental import.