The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral internet protocol that enterprise applications such as email, CRM, and HR software use to authenticate users and look up directory information on a server. It is well supported and flexible enough to hold information about internal and external users alike. Because of its scalability and performance, organizations have built many of their products and services on top of LDAP, making it a staple of corporate networks across the globe. Today, countless organizations depend on on-prem LDAP servers to run critical business applications, and LDAP integrations are common across applications, network tools, servers, and devices.
Okta’s LDAP agent for Hybrid IT
At Okta, we understand that many organizations will continue to maintain their LDAP servers and will need ongoing support for authentication against them. For these organizations, Okta offers a lightweight LDAP agent, first introduced in 2015. Installed without additional servers or firewall changes, the Okta LDAP Agent provides delegated authentication to an on-premises LDAP server: end users authenticate to Okta with their local LDAP credentials, and those credentials are never replicated into the cloud.
However, if desired, the agent can also enable Okta to be the main source of truth:
Users and groups can be automatically imported from LDAP to Okta
Any changes made in LDAP can auto-sync to Okta and vice versa
Automated provisioning of LDAP users can be done via the agent
Okta’s self-service reset flow handles end-user password change requests without involving IT
This makes the Okta LDAP agent a good choice for organizations that want to maintain a hybrid IT environment, with some resources on-prem and some migrated to the cloud.
However, we see many organizations adopting a cloud-first IT strategy who want to find ways to modernize their IT by moving off their on-prem resources including LDAP. There are three key reasons for this:
On-Prem Headache: Manually maintaining and patching on-prem infrastructure is cumbersome, time-consuming, and takes away from more value-add IT projects
Expensive: Hiring and keeping in-house LDAP experts to manage LDAP servers with high availability is expensive
Insecure: It is difficult to add step-up authentication or MFA to resources that authenticate against an on-prem LDAP server
Okta LDAP Interface to the rescue
For organizations looking to move more to the cloud, Okta offers the LDAP Interface, a feature that lets them perform cloud-based LDAP authentication against Okta’s Universal Directory. With the Okta LDAP Interface, IT can authenticate users accessing LDAP-supported applications and network equipment such as wireless access points, switches, firewalls, VPN clients, and device management providers such as JAMF and AirWatch without an on-prem LDAP server. There is no on-prem agent to install and no additional on-prem requirements, allowing many organizations to reduce or completely retire their on-prem LDAP footprint.
By placing access to LDAP resources behind Okta, IT also gains the ability to enforce multi-factor authentication (MFA) on LDAP access, something that is difficult to accomplish with an on-prem LDAP server. With Okta Lifecycle Management, IT can also automate provisioning of users in LDAP directories so that users and groups have the appropriate level of privileges at all times.
This is in addition to all the features one expects from an enterprise-grade cloud service. It is fully scalable, highly available, and Okta manages the platform so it is always up to date and secure.
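What an application or network device actually sends to an LDAP endpoint such as the interface described above is an LDAPv3 simple bind: a BER-encoded message carrying the user’s DN and password, answered by a bind response carrying a result code. The example below, added here and not code from Okta or from the original article, encodes that bind request, parses the response, and shows the caveat that matters when the endpoint is reachable over the Internet: in a simple bind the password travels in cleartext inside the message, so the only safe transport is LDAPS (TLS on port 636). The hostname, DN, and password are constructed placeholders; the `ldaps_bind` helper is an illustration of the client side and is not part of any Okta SDK.

```python
"""Minimal LDAPv3 simple-bind encoder/decoder (RFC 4511), added example."""
import socket
import ssl

# BER tags used by a bind exchange.
SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61     # [APPLICATION 0] / [APPLICATION 1]
AUTH_SIMPLE = 0x80                            # AuthenticationChoice [0] simple
RESULT_SUCCESS, RESULT_INVALID_CREDENTIALS = 0, 49


def ber_len(n):
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(value):
    """Two's-complement INTEGER with the minimal number of octets."""
    return tlv(INTEGER, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def bind_request(msg_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    op = tlv(BIND_REQUEST, ber_int(3) + tlv(OCTET_STRING, dn.encode()) + tlv(AUTH_SIMPLE, password.encode()))
    return tlv(SEQUENCE, ber_int(msg_id) + op)


def bind_response(msg_id, result_code, matched_dn="", diagnostic=""):
    """The server side of the exchange; used here to build a sample reply offline."""
    op = tlv(BIND_RESPONSE, tlv(ENUMERATED, bytes([result_code])) + tlv(OCTET_STRING, matched_dn.encode()) + tlv(OCTET_STRING, diagnostic.encode()))
    return tlv(SEQUENCE, ber_int(msg_id) + op)


def parse_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV starting at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(buf):
    tag, msg, _ = parse_tlv(buf, 0)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = parse_tlv(msg, 0)
    tag, op, _ = parse_tlv(msg, pos)
    if tag != BIND_RESPONSE:
        raise ValueError("not a BindResponse")
    _, rc, pos = parse_tlv(op, 0)
    _, matched, pos = parse_tlv(op, pos)
    _, diag, _ = parse_tlv(op, pos)
    return {"message_id": int.from_bytes(mid, "big", signed=True),
            "result_code": int.from_bytes(rc, "big"),
            "matched_dn": matched.decode(), "diagnostic": diag.decode()}


def password_visible_on_wire(dn, password):
    """True: a simple bind carries the password verbatim, hence LDAPS is mandatory."""
    return password.encode() in bind_request(1, dn, password)


def ldaps_bind(host, dn, password, port=636):
    """Client-side bind over TLS with certificate verification (network call, not run by tests)."""
    ctx = ssl.create_default_context()   # verifies the server certificate and hostname
    with socket.create_connection((host, port)) as raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(bind_request(1, dn, password))
        return parse_bind_response(tls.recv(4096))  # bind responses are small; one read suffices


if __name__ == "__main__":
    # Constructed sample values; the hostname and DN layout are assumptions.
    dn, pw = "uid=alice,ou=users,dc=example,dc=com", "s3cret-placeholder"
    print(bind_request(1, dn, pw).hex())
    print("password in cleartext:", password_visible_on_wire(dn, pw))
    print(parse_bind_response(bind_response(1, RESULT_INVALID_CREDENTIALS, "", "invalid credentials")))
```

The anonymous bind `bind_request(1, "", "")` produces the well-known fourteen-byte packet `300c020101600702010304008000`, which is a convenient check that the encoder matches what tools like Wireshark display. A result code of 49 (invalidCredentials) is the normal failure; because the credential is in the clear inside the message, an LDAP client that is pointed at a cloud endpoint must refuse to fall back to plain port 389 and must verify the server certificate, as `ssl.create_default_context()` does here.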
Okta as a Platform for Modernizing IT
LDAP remains an important IT component of many organizations today. Okta’s LDAP agent provides a simple way to connect those LDAP servers. At the same time, IT leaders are looking for ways to migrate more to the cloud and looking for solutions to help. For these leaders, Okta’s LDAP Interface offers cloud-based LDAP authentication, reducing the need for on-prem LDAP servers or removing them completely. Coupled with Okta Single Sign-On and Lifecycle Management, Okta becomes a complete solution for any organization on their path towards IT modernization.