VM-CASINO-OKTA01 — Okta AD Agent Server
Overview
| Field | Value |
|---|---|
| VM Name | VM-CASINO-OKTA01 |
| Role | Okta AD Agent / Identity Bridge |
| Environment | Production |
| Location | Casino Floor Data Center — Rack A6 |
| vCenter | vcenter.casino.local |
| Cluster | MGMT-CLUSTER-01 |
| Host | esxi-host-03.casino.local |
| VM UUID | 422efm78-8b2e-11ec-o5c2-000c29a1b3df |
| Hardware Version | VMware Hardware v19 |
Hardware Configuration
| Component | Specification |
|---|---|
| vCPUs | 4 |
| CPU Sockets | 2 |
| Cores per Socket | 2 |
| RAM | 8 GB |
| Memory Reservation | 4 GB |
| CPU Reservation | 1000 MHz |
Storage
| Datastore | Disk | Size | Type | Format |
|---|---|---|---|---|
| MGMT-SAN-DS01 | Hard Disk 1 (OS) | 80 GB | VMDK | Thin Provisioned |
Networking
| Adapter | Type | Port Group | VLAN | MAC Address | IP Address |
|---|---|---|---|---|---|
| NIC 1 | VMXNET3 | PG-MGMT-100 | 100 | 00:50:56:a1:15:01 | 10.10.100.150 |
Guest OS
| Field | Value |
|---|---|
| OS | Windows Server 2022 Standard |
| Build | 20348.2340 |
| VMware Tools | 12.3.0 (Current) |
| Computer Name | CASINO-OKTA01 |
| Domain | casino.local |
| Time Zone | Eastern Standard Time |
Application Stack
| Field | Value |
|---|---|
| Application | Okta AD Agent v3.18.0 |
| Auth Method | OAuth 2.0 with DPoP (v3.18+) |
| Okta Tenant | casino.okta.com |
| Connected AD | casino.local |
| Sync Scope | OU=Users,DC=casino,DC=local |
| Sync Frequency | Every 5 minutes |
| Agent Status | Active |
| HA Partner | VM-CASINO-OKTA02 |
Sync Configuration
| Field | Value |
|---|---|
| User Import | Enabled — incremental + full weekly |
| Password Sync | Enabled (Okta as source of truth) |
| Group Push | Enabled — 45 groups synced |
| Delegated Auth | Enabled — AD validates on-prem passwords |
| JIT Provisioning | Disabled |
Okta Features Active
| Feature | Status |
|---|---|
| MFA (Okta Verify) | Enforced — all users |
| SSO | Enabled — 23 applications |
| Lifecycle Management | Active — AD to app provisioning |
| Universal Directory | Primary |
| Okta LDAP Interface | Enabled — port 636 |
Backup & Recovery
| Field | Value |
|---|---|
| Backup Tool | Veeam Backup & Replication 12 |
| Backup Schedule | Daily 01:30 AM |
| Retention | 14 days |
| RTO Target | 1 hour |
| RPO Target | 24 hours |
Notes
- HA pair with VM-CASINO-OKTA02 — both agents must be healthy for full redundancy
- Agent communicates outbound to Okta SaaS on port 443 — no inbound firewall rules required
- OAuth 2.0 / DPoP authentication introduced in v3.18 — legacy API token no longer used
- AD password writeback is disabled — Okta is the password authority
- Patching: Agent auto-updates from Okta — coordinate with Identity Team before manual updates
- Contact: Identity / Infrastructure Team