If you have Okta configured to use AD as the source directory, and Privileged Access Service can see the same directory through the connector, choose from the following:
- Set up groups in Okta, add AD groups as members, and set up group mapping in the SAML partnership.
- Do not create groups in Okta, but configure Centrify PAS to look up the user in AD/LDAP and then use the directory groups for permission/rights within Centrify PAS. Instead, try one of the following:
  - Force the lookup. If the user is not found, reject the login.
  - Try the lookup and use the groups (if present), but do not reject the login.
- Add groups from Okta into roles to grant permissions/rights within Centrify PAS.
Note: To customize the login session timeout value for user accounts federated from Okta to Centrify PAS, contact Centrify Support. This value is the duration for the user's login session. A suggested timeout value might be 4 hours, 8 hours, etc.