Q: My customer is asking for Active Directory (AD) integration. If I integrate with Okta, can I connect to my customer's on-premise directory?
Yes. One of the key benefits of developing a pre-built integration with Okta is that you can leverage our existing Active Directory support. By integrating with Okta for Single Sign-On (SSO) or provisioning, you effectively gain the ability to integrate with your customer's on-premise AD or LDAP infrastructure for authentication. Your end users can sign in to your cloud app using their corporate password. You will also be able to do things like use AD groups to drive access rights for authentication and provisioning policies.
Q: Is the IdP session timeout a setting that an Okta administrator can change? And if so, can it be changed on a per-application basis, or is it a global setting for all of the user's applications?
Yes. The default session timeout is two hours, but the Okta administrator can customize it. The session timeout is an IdP setting, so it is global and applies to all applications in an Okta org. See the "Creating Sign-on Policies and Adding Rules" section in our Security Policies documentation.
SAML FAQs are covered in the SAML - Frequently Asked Questions document.
SCIM FAQs are covered in the SCIM - Frequently Asked Questions document.