What happens to a user's account in Okta when they are disabled in Active Directory?

When a user is disabled in Active Directory, the corresponding account in Okta is effectively deactivated as part of the integration between the two systems. This is because Okta relies on Active Directory as an identity source and synchronizes account states with it. When a user is disabled in Active Directory, Okta automatically reflects that status change by deactivating the user's account.

Deactivation means that the user can no longer authenticate or gain access to applications managed by Okta. This automatic response helps maintain security and ensures that users who are not active in the organization's directory do not have access to sensitive resources.

Regarding the other options, while they may touch on related aspects, they do not accurately describe the immediate consequence of a user being disabled in Active Directory. For instance, removing all application assignments is not a direct outcome of deactivation in Okta but may occur as a result of the user being deactivated and losing access. Sending an email to the administrator is not a standard behavior within this context, as the system's focus is on security and state synchronization rather than notification. Finally, allowing the user to log on while deactivating access to applications contradicts the deactivation process, where the ability to log in is entirely removed.