Okta + LDAP

Easily connect your LDAP infrastructure to Okta

What is LDAP?

LDAP (Lightweight Directory Access Protocol) is a standard protocol used for user management. LDAP has been an important part of directory strategies because of its fast read times, ability to scale, and ease of use. Many companies depend on on-prem LDAP servers to run their critical business apps.

An LDAP directory is a directory that is accessed over the LDAP protocol. LDAP is prevalent; in fact, Microsoft Active Directory is an LDAP-based solution.

Okta LDAP Interface: cloud-based LDAP authentication

Many organizations depend on on-prem LDAP servers to run their critical business applications. These organizations need an easy way to extend their LDAP infrastructure as they adopt cloud applications.

However, IT may no longer wish to manage LDAP themselves because they want to move to a cloud-first IT strategy. Or they may want a way to add MFA to LDAP authentication for increased security.

Okta's LDAP Interface allows cloud-based LDAP authentication against Universal Directory instead of an on-prem LDAP server (including Active Directory). There is nothing to install, maintain, or update. Everything is in the cloud. This reduces IT's dependencies on on-prem LDAP servers, while improving security by protecting everything behind Okta.

Okta also allows organizations to enable MFA on top of LDAP calls. This is a great way to increase security of legacy applications.
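To make concrete what "LDAP authentication" means for an application, here is an added example (not Okta's code) that builds and decodes an LDAPv3 simple-bind request, the operation an LDAP app sends to whichever directory it is pointed at, whether an on-prem server or a cloud LDAP endpoint. It shows why the transport matters: a simple bind carries the user's password as a plain octet string, so only LDAPS (or STARTTLS) keeps it off the wire in cleartext, and a defender can run the decoder over a capture of port 389 traffic to audit for binds that should have been encrypted. The host, DN layout and credentials are constructed placeholders; the page does not give the real DN format, so none is assumed here.

```python
"""Minimal LDAPv3 simple-bind encoder/decoder using RFC 4511 BER framing.

Added example, not part of Okta's product or documentation. DN, host and
password values below are constructed placeholders.
"""


def _ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    """Tag-length-value wrapper."""
    return bytes([tag]) + _ber_len(len(content)) + content


def _ber_int(value: int) -> bytes:
    """Encode a non-negative INTEGER (two's complement, so pad if high bit set)."""
    if value < 0:
        raise ValueError("only non-negative integers are used in this example")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return _tlv(0x02, body)


def build_simple_bind(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }.

    BindRequest is [APPLICATION 0] constructed, hence tag 0x60; the simple
    AuthenticationChoice is context tag [0] primitive, hence tag 0x80.
    """
    bind_request = _tlv(
        0x60,
        _ber_int(3)
        + _tlv(0x04, bind_dn.encode("utf-8"))
        + _tlv(0x80, password.encode("utf-8")),
    )
    return _tlv(0x30, _ber_int(message_id) + bind_request)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the TLV that starts at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_simple_bind(msg: bytes):
    """Decode a simple BindRequest; return None for anything else.

    If this returns a password from a packet captured on port 389, that
    credential crossed the network in cleartext.
    """
    tag, seq, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        return None
    tag, mid, pos = _read_tlv(seq, 0)
    if tag != 0x02 or pos >= len(seq):
        return None
    tag, bind, _ = _read_tlv(seq, pos)
    if tag != 0x60:
        return None  # search, modify, etc., not a BindRequest
    _, version, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    auth_tag, auth, _ = _read_tlv(bind, pos)
    if auth_tag != 0x80:
        return None  # SASL bind: no cleartext password field
    return {
        "message_id": int.from_bytes(mid, "big"),
        "version": int.from_bytes(version, "big"),
        "dn": name.decode("utf-8"),
        "password": auth.decode("utf-8"),
    }


def transport_is_encrypted(url: str) -> bool:
    """Policy check an app should pass before sending a simple bind."""
    return url.lower().startswith("ldaps://")


if __name__ == "__main__":
    # Constructed placeholder DN and password, not a real account.
    msg = build_simple_bind(1, "uid=alice,ou=users,dc=example,dc=com", "correct-horse")
    print(msg.hex())
    print(parse_simple_bind(msg))
    print(transport_is_encrypted("ldap://ldap.example.com:389"))
```

Running the block prints the raw message, in which the DN and password are readable byte for byte, and then `False` for the plain `ldap://` URL; pointing an app at an `ldaps://` endpoint is what turns that check green.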

Reduce on-prem dependencies

  • Remove on-prem LDAP servers
  • Reduce dependency on AD

Improve security for LDAP apps

  • MFA to LDAP apps
  • Access policies for LDAP apps
  • Non-employee access to LDAP

Okta LDAP Interface replaces existing LDAP server


Okta LDAP Agent: connect on-prem LDAP to Okta

Okta also offers a lightweight, easy-to-install agent that sits on your on-prem LDAP server, allowing end users to authenticate to Okta using their LDAP credentials without replicating those credentials into the cloud. In addition, Okta can import user accounts and attributes into the cloud service to improve performance and support complex scenarios.

This is all done without firewall changes or additional on-prem hardware.

  • Delegated authentication - Use credentials in your LDAP directory to authenticate users into apps without importing, storing, or passing user credentials to Okta
  • Provisioning - Enable provisioning to LDAP directories from Okta or other connected systems (such as AD or HR systems)
  • Self-service password reset - Allow end users to reset or change their password without contacting the IT help desk
  • Scheduled and just-in-time imports - Import user information each time a user successfully authenticates, or import both users and groups at scheduled times
  • Incremental imports - Import only changed user attributes and schema elements rather than replacing the whole user record
  • Password sync - Synchronize passwords from Okta (or other connected directories, like Active Directory) into LDAP directories

Okta LDAP Agent connects to existing LDAP server
