LDAP incremental imports and password management
Okta only supports time stamp-based change tracking. To identify changes made since the last import, the agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. uses modifyTimestamp. If your directory supports modifyTimestamp, incremental imports work.
This table identifies support for incremental imports by directory type.
| Directory | Incremental Import |
| Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. Lightweight Directory Services (AD LDS) | Not supported. AD LDS uses usnChanged as the change tracking attribute |
| OpenDJ | Supported |
| OpenDS | Supported |
| OpenLDAP | Supported |
| Oracle Internet Directory (OID) | Supported |
| IBM Tivoli DS | Supported |
| Sun One LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. 5.2+, 6.x and 7.x | Supported |
| RadiantOne Directory 7.1 | Supported |