Install the Okta LDAP Agent
Install the Okta LDAP Agent to let your users authenticate to Okta using their LDAP credentials without replicating those credentials into the cloud.
Install the LDAP agent in a Linux environment
- On the host server, sign in to Okta using an Okta admin account with super admin permissions to access the Admin Console.
- Download the Okta LDAP Agent:
  - In the Admin Console, go to .
  - Click .
  - Review the installation requirements, and then click Set Up LDAP.
  - Click Download Agent and select Download RPM Installer or Download DEB Installer.
- Install the Okta LDAP Agent on your Linux server:
  - Sign in to your Linux server as the root user.
  - Copy the agent .rpm or .deb file to a scratch directory.
  - Open a command prompt and cd to the scratch directory.
  - Run one of the following commands to install the agent:
    Install an RPM package:
    yum localinstall OktaLDAPAgent_xx.xx.xx.x86_64.rpm
    Install a Debian package:
    dpkg -i OktaLDAPAgent_xx.xx.xx_amd64.deb
    The installation process reports the total size of the installation and prompts you to continue.
- Optional. Perform the steps to Enable LDAP over SSL.
- Run the configure_agent.sh script to finish configuring the agent.
Install the LDAP agent in a Windows environment
- On the host server, sign in to Okta using an Okta admin account with super admin permissions to access the Admin Console.
- Download the Okta LDAP Agent:
  - In the Admin Console, go to .
  - Click .
  - Review the installation requirements, and then click Set Up LDAP.
  - Click . Download the installer to your Windows server.
- Launch the installer on the host server. Click Run.
- If the message that appears is Do you want to allow the following program to make changes to this computer?, click Yes.
- Click Next.
- Accept the license agreement and click Next.
- Accept the default installation folder location, or click Browse to select another location, and click Install.
- Optional. If you want to enable LDAP over SSL (LDAPS), complete Enable LDAP over SSL, and then continue with this procedure.
- On the LDAP configuration page, enter the following information:
  - LDAP Server: Enter the LDAP host and port in the form of host:port. For example: ldap.mycompany.com:389.
  - Root DN: The root distinguished name of the directory information tree (DIT) from which users and groups are searched.
  - Bind DN: The distinguished name of the bind LDAP user that the agent uses to connect to the LDAP directory.
  - Bind Password: The password of the bind distinguished name that the agent uses to connect to the LDAP directory.
  - Optional. Use SSL connection: Select if you have enabled LDAP over SSL (LDAPS). (Note: If you select this without performing the steps in Enable LDAP over SSL, the error Failed to connect to the specified LDAP server appears.)
- Click Next.
- Optional. Enter a proxy server for the Okta LDAP Agent on the Okta LDAP Agent Proxy Configuration page, and then click Next.
If the LDAP proxy server returns its own schema and that schema differs from the LDAP server schema, issues can occur when importing user data. To avoid these import issues, make sure that the LDAP proxy server and LDAP server schemas are identical.
- To register the Okta LDAP Agent with the Okta service, enter your Okta subdomain name, and then click Next.
- On the Okta Sign In page, enter the username and password for your Okta admin account, and then click Sign In.
- Click Allow Access to access the Okta API. Note: If an error message appears, see Locate the Okta LDAP agent log.
- Click Finish.
- Configure the LDAP integration settings. See Configure LDAP integration settings.
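The following pre-flight check is an added example, not part of the Okta documentation or the agent itself. It validates the LDAP Server, Root DN, Bind DN, and Use SSL connection values from the LDAP configuration page before you enter them; the function names and the port heuristic (389 for LDAP, 636 for LDAPS) are assumptions of this example, and the cleartext finding assumes the agent connects with an LDAP simple bind.

```python
import re

# Conventional ports: 389 = LDAP, 636 = LDAP over SSL (LDAPS). Heuristic only;
# a directory can be configured to listen elsewhere.
LDAP_PORT, LDAPS_PORT = 389, 636
# One RDN such as "dc=mycompany": attribute type, "=", non-empty value.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def parse_server(server):
    """Split the LDAP Server field (host:port) into (host, port)."""
    host, sep, port = server.strip().rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"expected host:port, got {server!r}")
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range in {server!r}")
    return host, int(port)


def is_dn(dn):
    """Loose syntax check: every RDN (split on unescaped commas) is attr=value."""
    rdns = re.split(r"(?<!\\),", dn.strip())
    return bool(dn.strip()) and all(_RDN.match(r.strip()) for r in rdns)


def preflight(server, root_dn, bind_dn, use_ssl):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        _, port = parse_server(server)
    except ValueError as exc:
        return [f"LDAP Server: {exc}"]
    findings = []
    for label, dn in (("Root DN", root_dn), ("Bind DN", bind_dn)):
        if not is_dn(dn):
            findings.append(f"{label}: not a distinguished name: {dn!r}")
    if use_ssl and port == LDAP_PORT:
        findings.append("Use SSL connection is selected but the port is 389; "
                        "LDAPS normally listens on 636")
    if not use_ssl and port == LDAPS_PORT:
        findings.append("Port 636 is normally LDAPS but Use SSL connection "
                        "is not selected")
    if not use_ssl:
        # Assumption: simple bind, so the password is sent as-is on the wire.
        findings.append("Use SSL connection is off: a simple bind would send "
                        "the Bind Password in cleartext")
    return findings
```
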