Which assertion is true concerning the management of AD groups in the context of Okta integration?

The statement that AD groups are mutable only from Active Directory (AD) accurately reflects the nature of how group management operates in the context of Okta integration. In this setup, while Okta can read and synchronize information from AD, any changes to the group membership and properties must be made directly within AD itself. This means that Okta serves primarily as a layer that communicates with AD but does not have the capacity to make changes to the AD groups' structures or members.

This principle emphasizes Okta's role as a cloud identity provider that supplements organizational resources without taking over the primary management capabilities of AD. Hence, to maintain consistency and integrity of group data within the whole infrastructure, modifications are restricted to the AD environment, reinforcing the idea that AD remains the authoritative source for group management. Understanding this aspect is crucial for administrators to correctly implement policies and workflows that involve user and group management within an integrated system like Okta.