LDAP (Lightweight Directory Access Protocol) is a standard protocol for querying and managing directory data such as user accounts and groups. LDAP has been an important part of directory strategies because of its fast read performance, its ability to scale, and its ease of integration.
An LDAP Directory is a directory that uses the LDAP protocol. LDAP is prevalent – in fact, Microsoft Active Directory is an LDAP-based solution.
Many organizations depend on on-prem LDAP servers to run their critical business applications. These organizations need an easy way to extend their LDAP infrastructure as they adopt cloud applications.
However, IT teams may no longer want to manage LDAP servers themselves because they are moving to a cloud-first IT strategy. Or they may want a way to add MFA to LDAP authentication for increased security.
Okta's LDAP Interface allows cloud-based LDAP authentication against Universal Directory instead of an on-prem LDAP server, including Active Directory. There is nothing to install, maintain, or update. Everything is in the cloud. This reduces IT's dependencies on on-prem LDAP servers, while improving security by protecting everything behind Okta.
Okta also allows organizations to enforce MFA on top of LDAP authentication requests. This is a great way to increase the security of legacy applications.
Reduce on-prem dependencies
Remove on-prem LDAP servers
Reduce dependency on AD
Improve security for LDAP apps
Add MFA to LDAP apps
Access policies for LDAP apps
Non-employee access to LDAP
Okta LDAP Interface replaces existing LDAP server
Okta LDAP Agent: connect on-prem LDAP to Okta
Okta also offers a lightweight, easy-to-install agent that runs on your on-prem LDAP server, allowing end users to authenticate to Okta with their LDAP credentials without replicating those credentials into the cloud. In addition, Okta can import user accounts and attributes into the cloud service to improve performance and support complex scenarios.
This is all done without firewall changes or additional on-prem hardware.
Delegated authentication - Use the credentials in your LDAP directory to authenticate users to apps without importing, storing, or passing user credentials to Okta
Provisioning - Enable provisioning to LDAP directories from Okta or other connected systems (such as AD or HR systems)
Self-service password reset - Allow end users to reset or change their password without contacting the IT help desk
Scheduled and just-in-time imports - Import user information each time a user successfully authenticates, or import both users and groups at scheduled times
Incremental imports - Become more efficient by updating user attributes and schema without replacing the entire user record
Password sync - Synchronize passwords from Okta (or other connected directories such as Active Directory) into LDAP directories