/
Upgrading from Okta AD Agent version 3.12.0 and later

Upgrading from Okta AD Agent version 3.12.0 and later

Owned by Knowledge Assistant
Last updated: Feb 26, 2025
2 min read
Description of Issue

I see information in our OKTA admin panel stating that our AD agent needs to be upgraded. We are using version 3.12 or later. Can you provide instructions or assistance with this?

Context

  • Tyler Identity

  • Okta

  • Okta AD Agent

  • 3.12

Cause

Okta will only support AD agents on version 3.18.0 or higher and LDAP agents on version 5.22.0 and higher

Resolution

Important: During update, Agent connections are temporarily down, so if you only have one operational agent available, new users won’t be able to sign in during the update

Average time to complete is 5 minutes

Updating from Okta AD Agent version 3.12.0 and later

  1. Login to your Admin Center as an Org Admin e.g. https://<customeridentifier>-admin.tylerportico.com/org/admin-center

  2. Navigate to Identity Workforce>AD Agents

  3. Click on the Okta login

  4. Login with your oktaadmin@tidsupport.com username and password. Note that Tyler does not retain these credentials

    1. For instructions on how to reset the Okta admin password see Reset Okta AD Agent password from Admin Center

  5. Navigate to Settings>Download and download the latest available AD Agent

    1. Do not click on the auto update button, it will not work

  6. Copy the installer to the server with the existing AD Agent install

  7. Run the installation and follow the prompts, accepting all defaults

  8. Once the install is complete, return to Admin Center under the Identity Workforce>AD Agents and ensure that the status reflects OPERATIONAL and on the latest GA version

  9. If you have multiple agents installed, repeat steps 6-8 to update the agent to the same GA version

Additional Information

Special considerations for installation/update of version 3.18 and later:

AD Agent now uses a very secure authentication method, but it comes at the cost of ensuring that AD Agent member servers are time-synched with a standard NTP (Network Time Protocol) server pool

The maximum allowed clock skew is 30 seconds. Larger time disparities may cause connection issues

Please consult this Okta article for further details: https://support.okta.com/help/s/article/ad-agent-connection-issues-for-version-3-18-0-and-above?language=en_US









Related content

Upgrading from Okta AD Agent version 3.11.0 and lower
Upgrading from Okta AD Agent version 3.11.0 and lower
Knowledge Assistant
More like this
Upgrading the Okta AD Agent
Upgrading the Okta AD Agent
Knowledge Assistant
More like this
Mandatory Okta AD Agent Upgrade
Mandatory Okta AD Agent Upgrade
Knowledge Assistant
More like this
Installing the Okta AD Agent
Installing the Okta AD Agent
Knowledge Assistant
More like this
Reset Okta AD Agent password from Admin Center
Reset Okta AD Agent password from Admin Center
Knowledge Assistant
More like this
Active Directory not found in Okta Tenant after installing AD Agent
Active Directory not found in Okta Tenant after installing AD Agent
Knowledge Assistant
More like this