Connecting to Okta using the LDAP Interface

The LDAP Interface allows cloud-based LDAP authentication against Universal Directory instead of an LDAP server or Active Directory (AD). Because apps that use the LDAP Interface are authenticated against Universal Directory, Okta can control access and centralize credentials for applications that support the LDAP authentication protocol.

The LDAP Interface is a cloud proxy that consumes LDAP commands and translates them to Okta API calls, providing a straightforward path to authenticate legacy LDAP apps in the cloud. This also enables you to centralize and manage all your LDAP resources (policies, users, apps) within Okta. You can also add seamless MFA to your LDAP apps with Okta Verify Push and OTP, providing an extra layer of security.

With typical LDAP integrations, a physical Okta LDAP agent is required. (A software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.) The LDAP Interface allows you to connect LDAP applications to Okta Universal Directory without installing and maintaining physical LDAP agents: