LDAP Interface connection settings

The following table lists the values that might be required to connect to the Okta LDAP Interface.

Key Value
Host Name

<org_subdomain>.ldap.<domain>.com

where <domain> is either oktapreview, okta, or okta-emea.


StartTLS on port 389


LDAPS on port 636.

Base DN

[<ou=users or groups>],<dc=org_subdomain>, dc=<domain>, dc=com

where <domain> is either oktapreview, okta, or okta-emea.

User ID/Bind DN


where <domain> is either oktapreview, okta, or okta-emea.

Note: Must be an admin but can be a Read-only admin.


<password for the admin user>

Additional User DN ou=Users
User Object class inetOrgPerson
User Name Attribute uid
User Password Attribute Okta does not expose passwords.
Group Object Class groupofUniqueNames
Group Object Filter
Group Members Attribute uniqueMember
User Members Attribute


Note: memberOf is not an indexed value. Using memberOf will result in significantly slower search times.
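
Added example (not from the Okta documentation): a Python helper that derives the host, URIs and base DNs from the patterns in the table, and builds a group lookup that searches on uniqueMember instead of reading memberOf. The function names, the `example` subdomain used when calling it, and the user DN layout `uid=<user>,ou=users,...` are assumptions composed from the table's values.

```python
import re

# Patterns and constants come from the table above; all names here are hypothetical.
OKTA_DOMAINS = {"okta", "oktapreview", "okta-emea"}
SUBDOMAIN_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    chars = ["\\00" if c == "\x00" else "\\" + c if c in ',+"\\<>;=' else c
             for c in value]
    if chars and chars[0] in (" ", "#"):
        chars[0] = "\\" + chars[0]
    if chars and chars[-1] == " ":
        chars[-1] = "\\ "
    return "".join(chars)


def okta_ldap_settings(org_subdomain, domain):
    """Build host, URIs and base DNs; reject input that could alter the host or DN."""
    if domain not in OKTA_DOMAINS:
        raise ValueError("domain must be okta, oktapreview or okta-emea")
    if not SUBDOMAIN_RE.fullmatch(org_subdomain):
        raise ValueError("org_subdomain must be a single DNS label")
    host = f"{org_subdomain}.ldap.{domain}.com"
    root = f"dc={org_subdomain},dc={domain},dc=com"
    return {
        "host": host,
        # Port 389 starts in cleartext: the client must complete StartTLS before binding.
        "starttls_uri": f"ldap://{host}:389",
        "ldaps_uri": f"ldaps://{host}:636",
        "users_base_dn": f"ou=users,{root}",
        "groups_base_dn": f"ou=groups,{root}",
    }


def groups_of_user_search(settings, uid):
    """Return (base DN, filter) that finds a user's groups without using memberOf."""
    user_dn = f"uid={escape_dn_value(uid)},{settings['users_base_dn']}"
    flt = ("(&(objectClass=groupofUniqueNames)"
           f"(uniqueMember={escape_filter_value(user_dn)}))")
    return settings["groups_base_dn"], flt
```

The returned base DN and filter can be passed to any LDAP client; the user ID is escaped first for the DN and then for the filter, so characters such as `*`, `(` or `,` in a user name cannot widen the search.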