r/okta

Any guidance would be appreciated. Obviously doing my own research to but want to get it right.

I genuinely want to understand how companies justify interview processes like this.

I went through 6 rounds of interviews for a Manager Analytics role at Okta. Total interview time alone was roughly 4–5 hours across multiple stakeholders. On top of that, there was an assignment that took another 5–6 hours to complete properly. Add preparation time for domain knowledge, leadership scenarios, GenAI discussions, dashboard architecture, stakeholder management, etc., and this process consumed a significant amount of professional effort over multiple weeks.

Then complete silence.

No rejection. No closure. No feedback. No acknowledgement that a candidate invested serious time into their process. The HR stopped responding to emails and doesn’t pick up calls anymore.

What makes this worse is that throughout the process, the messaging was extremely positive. Strong discussions, detailed rounds, assignment review, multiple follow-ups — everything indicated forward movement. Then suddenly the process disappears into a black hole.

Companies keep talking about “candidate experience” while normalizing processes that would never be tolerated internally. Imagine assigning 10+ hours of work to a vendor or consultant and then ghosting them entirely.

A hiring process reflects company culture more honestly than corporate values pages ever will.

If a company requires:

- 6 interview rounds

- extensive take-home assignments

- multiple leadership evaluations

- deep technical preparation

then the bare minimum expectation is professional communication and closure.

Candidates are not disposable bandwidth.

I've been exploring SWA as an alternative to a different mainstream enterprise pw manager so we don't need the extra spend. What I don't like about it is needing to set up the portfolio of apps VS the flexibility of end users putting any passwords they need into a dedicated manager. I want to encourage its use, not add friction and I don't want our IAM team to become a bottleneck. We also have apps that use a shared cred that end users don't need to know but neither does our team. Not sure how to set those up without having to ask stakeholders to hand over their passwords. How have others gone about this? Or did you find an enterprise password manager to be preferable?

Hey everyone,

We're migrating users from AD-synced to cloud-only in Entra with Okta as our federated IdP (we just moved to cloud mailboxes which is why we can do this now).

Okta sends the ImmutableId as the SAML NameID to Entra at login. Even if we change this to email/UPN, Entra still can't find the user and throws AADSTS51004.

We learned the hard way that clearing onPremisesImmutableId via Graph API breaks login immediately, and you can't write it back because Graph blocks writes on federated domain users.

What we tried:

1. Move the user's AD object to an unsynced OU -> user gets soft-deleted
2. Restore the user
3. Clear onPremisesImmutableId via Graph API
4. OnPremisesSyncEnabled flips to False
5. User is now unanchored from AD - but login is completely broken
6. Can't write ImmutableId back via Graph (federated domain restriction)
7. Can't fix it from Okta side either even though the correct ImmutableId exists in the Okta user profile

We also have an Okta AD Agent in place if that changes anything.

What's the clean way people have done this at scale?

Thanks

We have numerous domains and numerous AD Agents and when trying to find anything its tedious and time consuming because of the way log structure is and there's no centralized log for all agents (either by domain or entire environment).

I am just wondering how you and your team are managing these today? Are you doing nothing? Or utilizing a tool? Or did you come up with a custom solution?

Thanks.

Looking for an experienced engineer/consultant to assist with an Okta + Workday (or HR platforms) integration project.

Requirements:

• Strong hands-on experience with Okta and Workday integration
• Experience with provisioning, SSO, lifecycle management, and troubleshooting
• Able to work collaboratively during implementation

Project engagement:

• Remote
• Minimum 10 hours commitment
• Immediate start preferred

If interested, please DM me with your experience and availability. Thanks

Hi all, I'm testing migration from Workspace ONE to Intune in an Okta-federated Entra ID environment.

Issue:

1.Device successfully Entra joins and enrolls to Intune

2. \`dsregcmd /status\` shows \`AzureAdJoined = YES\` but \`AzureAdPrt = NO\`

3. PRT acquisition fails with \`0xc0004bc1\`

4. Users cannot sign in at Windows login with federated credentials (only local admin works)

This also happens on fresh Autopilot/clean enrollments, not just migrated devices.

Has anyone seen Okta federation / device trust / conditional access configurations cause Windows PRT issuance failures on Entra-joined devices?