LDAP integration prerequisites

Before you start an LDAP integration, ensure that you have:

  • An Okta admin account to connect the agent with your Okta org. This account must have the manage directories, manage agents, and register agents permissions. A best practice is to create a custom admin role that has these permissions. Assign that role to an Okta account to connect the agent to Okta. See Create a role and Agent permissions.

    For greater security, consider requiring your admins to use MFA to access the Admin Console. See Enforce MFA to access the Admin Console.

  • An LDAP user to perform binds and queries from the agent to your LDAP directory. This user must be able to look up users, groups, and roles in the Directory Information Tree (DIT).
  • The modifyTimestamp attribute indexed on your LDAP server. This improves the performance of incremental imports.

Agent requirements

You can use a Windows or Linux agent to connect LDAP with your Okta org. If you're upgrading from a version 4.x agent or earlier to a version 5.x agent, uninstall the old agent before installing the new one.

Windows agent requirements

  • The host server must be running Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, or Windows Server 2022.
  • The Windows server must be able to reach the LDAP host and port.
  • The TLS 1.2 security protocol must be enabled with the following registry key settings:

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
      "Enabled"=dword:00000001
      "DisabledByDefault"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
      "Enabled"=dword:00000001
      "DisabledByDefault"=dword:00000000
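A pre-install check for these four SCHANNEL values on the agent host, as an added PowerShell example that is not part of Okta's documentation. It assumes an elevated session, only reads the registry unless -Fix is supplied, and uses the paths and values listed above.

```powershell
# Added example (not Okta's code): verify the TLS 1.2 SCHANNEL registry values
# the Windows LDAP agent host requires. Run from an elevated PowerShell session.
# Assumption: subkey paths and expected DWORDs are exactly those in the prerequisites.
[CmdletBinding()]
param([switch]$Fix)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Expected DWORD values per subkey, taken from the prerequisites list.
$expected = @{
    'Server' = @{ Enabled = 1; DisabledByDefault = 0 }
    'Client' = @{ Enabled = 1; DisabledByDefault = 0 }
}

$compliant = $true
foreach ($side in $expected.Keys) {
    $path = Join-Path $base $side
    foreach ($name in $expected[$side].Keys) {
        $want = $expected[$side][$name]
        # $null here means the subkey or the value does not exist yet.
        $have = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        if ($have -eq $want) {
            Write-Host "OK       $side\$name = $have"
            continue
        }
        $compliant = $false
        Write-Warning "MISMATCH $side\$name = '$have' (expected $want)"
        if ($Fix) {
            # Create the subkey if it is missing, then write the DWORD.
            New-Item -Path $path -Force | Out-Null
            New-ItemProperty -Path $path -Name $name -Value $want -PropertyType DWord -Force | Out-Null
            Write-Host "FIXED    $side\$name -> $want"
        }
    }
}

if ($compliant) { 'TLS 1.2 SCHANNEL settings match the agent prerequisites.' }
else { 'One or more TLS 1.2 SCHANNEL settings differ; rerun with -Fix to correct them.' }
```

SCHANNEL reads these values at boot, so reboot the host after applying a fix before installing the agent.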

Linux agent requirements

  • The Linux-based agent must be installed on an RPM-enabled Linux distribution, such as CentOS or Red Hat.
  • DPKG-enabled Linux distributions, such as Debian or Ubuntu, are also supported.