Merge pull request #250892 from omondiatieno/sync-provisioning

Okta sync provisioning

Author: prmerger-automator[bot]

articles/active-directory/manage-apps/migrate-okta-sync-provisioning.md

@@ -35,8 +35,10 @@ When you synchronize users, use an Azure AD Connect server if your organization
 - Support for more than 150,000 objects
 - Support for writeback
 
-  >[!NOTE]
-  >Take all prerequisites into consideration when you install Azure AD Connect or Azure AD cloud provisioning. Before you continue with installation, see [Prerequisites for Azure AD Connect](../hybrid/connect/how-to-connect-install-prerequisites.md).
+To use Azure AD connect, you need to sign in with one of the following roles: Global Administrator, or Hybrid Identity Administrator.
+
+>[!NOTE]
+>Take all prerequisites into consideration when you install Azure AD Connect or Azure AD cloud provisioning. Before you continue with installation, see [Prerequisites for Azure AD Connect](../hybrid/connect/how-to-connect-install-prerequisites.md).
 
 ## Confirm ImmutableID attribute synchronized by Okta
 
@@ -53,7 +55,7 @@ Connect-MgGraph
 If you have the module, a warning might appear to update to the latest version.
 
 1. Import the module after it's installed.
-2. In the authentication window, enter Global Administrator credentials.
+2. In the authentication window, sign in as at least a [Hybrid Identity Administrator](../roles/permissions-reference.md#hybrid-identity-administrator).
 
    ![Screenshot of the Microsoft Graph PowerShell window. The install-module, import-module, and connect commands are visible with their output.](./media/migrate-okta-sync-provisioning/import-module.png)
 
@@ -225,7 +227,7 @@ After you disable Okta provisioning, the Azure AD Connect server can synchronize
 
 3. Select **Configure staging mode** 
 4. Select **Next**. 
-5. Enter Global Administrator credentials.
+5. Enter the credentials of the Global administrator account for your environment.
 
    ![Screenshot of the Azure AD Connect window. Tasks is selected. On the Additional tasks page, Configure staging mode is selected.](./media/migrate-okta-sync-provisioning/configure-staging-mode.png)
 
@@ -252,16 +254,14 @@ After you disable Okta provisioning, the Azure AD Connect server can synchronize
 
 After you disable Okta provisioning, the Azure AD cloud sync agent can synchronize objects.
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Browse to **Azure Active Directory**.
-3. Select **Azure AD Connect**.
-4. Select **Cloud Sync**.
-5. Select **Configuration** profile
-6. Select **Enable**.
-7. Return to the provisioning menu and select **Logs**.
-8. Confirm the provisioning connector updated in-place objects. The cloud sync agents are nondestructive. Updates fail if a match isn't found.
-9. If a user is mismatched, make updates to bind the ImmutableID values. 
-10. Restart the cloud provisioning sync.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Hybrid Identity Administrator](../roles/permissions-reference.md#hybrid-identity-administrator).
+2. Browse to **Identity** > **Hybrid management** > **Azure AD Connect** > **Connect Sync**. 
+3. Select **Configuration** profile.
+4. Select **Enable**.
+5. Return to the provisioning menu and select **Logs**.
+6. Confirm the provisioning connector updated in-place objects. The cloud sync agents are nondestructive. Updates fail if a match isn't found.
+7. If a user is mismatched, make updates to bind the ImmutableID values. 
+8. Restart the cloud provisioning sync.
 
 ## Next steps