LDAP integration prerequisites

Before you start an LDAP integration, ensure that you have:

  • An Okta Super admin account to connect the agent with your Okta org.
  • An LDAP user to perform binds and queries from the agent to your LDAP directory. This user must be able to look up users, groups, and roles in the Directory Information Tree (DIT).
  • The modifyTimestamp attribute indexed on your LDAP server. This improves the performance of incremental imports.

Agent requirements

You can use a Windows or Linux agent to connect LDAP with your Okta org. If you're upgrading from a version 4.x agent or earlier to a version 5.x agent, uninstall the old agent before installing the new one.

Windows agent requirements

  • Okta recommends installing Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, or Windows Server 2022 on the host server.
  • The Windows server must be able to reach the LDAP host and port.
  • The Windows server must be running IE 10 or later.
  • The TLS 1.2 security protocol must be enabled with the following regkey settings:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000
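As an added example (not part of the Okta documentation), the following PowerShell snippet reads the four SCHANNEL values listed above and reports whether TLS 1.2 is enabled for both the Server and Client roles; with -Apply it creates any missing keys and sets the values. It assumes it is run in an elevated session on the agent host.

```powershell
# Added example: verify (and optionally set) the SCHANNEL TLS 1.2 registry values
# the Okta LDAP agent requires. Run from an elevated PowerShell session.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Expected DWORD values from the prerequisites list (identical for Server and Client)
$expected = @{ Enabled = 1; DisabledByDefault = 0 }

function Test-Tls12SchannelConfig {
    param([switch]$Apply)
    $results = foreach ($role in 'Server', 'Client') {
        $key = Join-Path $base $role
        if (-not (Test-Path $key) -and $Apply) {
            New-Item -Path $key -Force | Out-Null
        }
        foreach ($name in $expected.Keys) {
            $actual = $null
            if (Test-Path $key) {
                # A missing value returns $null (non-terminating error is suppressed)
                $actual = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            }
            $ok = ($actual -eq $expected[$name])
            if (-not $ok -and $Apply) {
                New-ItemProperty -Path $key -Name $name -Value $expected[$name] `
                    -PropertyType DWord -Force | Out-Null
                $actual = $expected[$name]; $ok = $true
            }
            [pscustomobject]@{
                Role      = $role
                Name      = $name
                Expected  = $expected[$name]
                Actual    = if ($null -eq $actual) { '<missing>' } else { $actual }
                Compliant = $ok
            }
        }
    }
    $results
}

$report = Test-Tls12SchannelConfig
$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) {
    Write-Warning 'TLS 1.2 is not fully enabled in SCHANNEL; rerun with -Apply (elevated) and reboot.'
}
```

SCHANNEL reads these keys at boot, so a reboot is needed after changing them before the agent's TLS connection to Okta will pick up the new setting.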

Linux agent requirements

  • The Linux-based agent must be installed on an RPM-enabled Linux distribution such as CentOS or Red Hat.
  • DPKG-enabled Linux distributions such as Debian or Ubuntu are also supported.