If Okta is configured to use AD as its source directory, and Centrify Privileged Access Service can see the same directory through the connector, choose from the following:
- Set up groups in Okta, add AD groups as members, and set up group mapping in the SAML partnership.
- Do not create groups in Okta, but configure Centrify PAS to look up the user in AD/LDAP and then use the directory groups for permissions/rights within Centrify PAS. The lookup can be handled in one of two ways:
  - Force the lookup; if the user is not found, reject the login.
  - Try the lookup and use the groups if present, but do not reject the login.
- Add groups from Okta into roles to grant permissions/rights within Centrify PAS.