Alex Taylor Internet enthusiast

Okta – Day 5 – Integrating Okta with LDAP-Mastered Users

Okta Basics Curriculum: Integrate Okta with LDAP-Mastered Users

Continuation here from the previous day – instead of AD, we’re going to learn how to integrate users from LDAP.

What is LDAP?

The Lightweight Directory Access Protocol is a vendor-neutral application protocol used to maintain distributed directory information in an organized manner. LDAP stores this data as entries, each containing a set of attributes, and each entry has a unique identifier (a ‘Distinguished Name’, usually abbreviated ‘DN’).

As with AD, LDAP-Mastered users are authenticated against the external directory, so they log into Okta using the credentials they use for LDAP. Generally, these users cannot change their password within Okta, but Okta Super Admins do have the power to enable this if needed.

Okta has an LDAP integration guide here for further review. We’ll go through most of these steps below. Also worth reviewing is the LDAP integration prerequisites page.

Okta offers an LDAP agent for Windows or Linux. The agent needs to be installed on a server that is always on, because Okta needs to reach the agent continuously. One difference from the AD agent is that Just-in-Time provisioning is automatically enabled with the LDAP agent, which means that users will automatically be activated and updated when they log into Okta.

The LDAP Agent can be downloaded from the dashboard via Directory > Directory Integrations and the install wizard does most of the work.

Ensure that you log in with Super Admin credentials during the permissions pop-up.

Step 2 of the LDAP integration is configuration of the directory mappings. You’ll be able to select an LDAP version template, which populates the appropriate fields, and you’ll also be able to choose the Okta username format you prefer.

Okta provides a ‘test configuration’ button. You’re looking for a green box reading ‘Validation Successful’; if that shows up, you’re good to move forward.

That’s all you need on the integration side of things: your users are free to start activating their accounts by logging into Okta with their LDAP credentials.
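Because Just-in-Time provisioning activates users as soon as they log in, it is worth checking ahead of time that the username format you picked in the mapping step produces a usable, unique login for every LDAP entry. The following is an added example, not code from the original post or from Okta: it parses a constructed LDIF export into DN-keyed entries (the DN-plus-attributes model described above), fills in a `${attr}` username template (an assumed stand-in for the wizard’s format choices, not Okta’s own syntax), and flags entries whose login would be empty, not email-shaped (assumed to be required), or a duplicate.

```python
import base64
import re
from collections import Counter

# Constructed sample LDIF export, not real directory data; "cn::" carries a base64 value, as LDIF allows.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
uid: jdoe
cn: Jane Doe
mail: jane.doe@example.com

dn: uid=bsmith,ou=people,dc=example,dc=com
uid: bsmith
cn:: Qm9iIFNtaXRo
mail: jane.doe@example.com

dn: uid=nomail,ou=people,dc=example,dc=com
uid: nomail
cn: No Mail
"""

def parse_ldif(text):
    """Return one dict per entry, mapping attribute -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = re.match(r"^([^:]+)(::?)\s*(.*)$", line).groups()
            if sep == "::":  # base64-encoded attribute value
                value = base64.b64decode(value).decode("utf-8")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def render_username(entry, template):
    """Fill a ${attr} template (assumed stand-in for the wizard's format choices)."""
    return re.sub(r"\$\{(\w+)\}", lambda m: entry.get(m.group(1), [""])[0], template)

def check_mappings(entries, template):
    """Map each DN to its Okta username and flag logins JIT could not use."""
    usernames = {e["dn"][0]: render_username(e, template) for e in entries}
    counts = Counter(usernames.values())
    problems = {}
    for dn, login in usernames.items():
        if "@" not in login:  # empty or non-email login (email form assumed required)
            problems[dn] = "unusable username: %r" % login
        elif counts[login] > 1:
            problems[dn] = "duplicate username: %s" % login
    return usernames, problems
```

Run `check_mappings(parse_ldif(SAMPLE_LDIF), "${mail}")` and `"${uid}@example.com"` to compare the two formats: the first flags the missing and shared `mail` values, the second provisions cleanly.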

About the author

By alexntaylor

Privacy advocate
Process developer
Product manager

Experience in information security, customer success, compliance and privacy, risk management, identity and access, and service deployment. Former teacher. Always learning.

We should hang out.