Get started with LDAP integration

Start here if you're new to Okta LDAP integrations, you want to review integration prerequisites and known issues, you want help planning your integration, or you want to quickly locate support information.

Enterprise applications such as Customer Relationship Management (CRM), human resources, and email use the Lightweight Directory Access Protocol (LDAP) to authenticate users and retrieve information from network servers. LDAP is a critical component of your enterprise, and it is likely that significant time and money have been spent integrating your applications, network tools, servers, and devices with LDAP. As your enterprise grows, the need for a centralized user authentication and management solution becomes critical. The Okta LDAP agent allows delegated authentication to an on-premises LDAP server, meaning end users can authenticate to Okta using their local LDAP credentials without replicating those credentials into the cloud. The Okta LDAP agent can also make Okta the main source of truth for your enterprise. This solution can be implemented without the need for additional servers or firewall changes.