Set up and manage the LDAP Interface
The LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. Interface uses Universal DirectoryUniversal Directory enables you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems. Any type of attributes are supported including linked-objects, sensitive attributes, and pre-defines lists. All of it accessible by all apps in our OIN catalog, over LDAP or via API. for authentication instead of an LDAP server or Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD). The LDAP Interface lets you use Okta to centralize and manage your LDAP policies, users, and applications that support the LDAP authentication protocol.
The LDAP Interface is a cloud proxy that consumes LDAP commands and translates them to Okta API calls, providing a straightforward path to authenticate legacy LDAP apps in the cloud. To enhance security, you can also add Multi-Factor AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. (MFA) to your LDAP apps with Okta Verify Push and One-Time-Password (OTP).
The LDAP Interface lets you connect LDAP applications to Okta Universal Directory without installing and maintaining Okta LDAP agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.s:
The Okta LDAP agent synchronizes user profiles to or from an existing LDAP directory. The LDAP interface lets you migrate certain applications from LDAP or AD servers to Okta.
The Okta LDAP agent is usually deployed inside your firewall. The LDAP interface is managed in the cloud.
LDAP interface authentication policies go through the Okta sign on policy. To implement MFA for your LDAP apps, you can set up network zones for the LDAP apps that connect to Okta and then you apply MFA policies to these zones. Any connections coming from the LDAP apps are required to use MFA. You can also use policies to prevent MFA from being required when accessing LDAP apps.
- LDAP interface known limitations
- LDAP Interface connection settings
- Enable the LDAP interface
- Use case: Set up LDAP Interface for JIRA
- Use multifactor authentication with the LDAP Interface
- LDAP interface pagination control
- LDAP interface troubleshooting