LDAP incremental imports and password management

Okta only supports timestamp-based change tracking. To identify changes made since the last import, the agent uses modifyTimestamp. If your directory supports modifyTimestamp, incremental imports work.

This table identifies support for incremental imports by directory type.

Directory                                                   Incremental Import
Active Directory Lightweight Directory Services (AD LDS)    Not supported. AD LDS uses usnChanged as the change tracking attribute.
OpenDJ                                                      Supported
OpenDS                                                      Supported
OpenLDAP                                                    Supported
Oracle Internet Directory (OID)                             Supported
IBM Tivoli DS                                               Supported
Sun One LDAP 5.2+, 6.x and 7.x                              Supported
RadiantOne Directory 7.1                                    Supported
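
The following is an added illustration of timestamp-based change tracking in general, not Okta's agent code. It builds the kind of LDAP filter that selects entries by modifyTimestamp and shows why an entry that carries only usnChanged is never picked up; the sample entries, DNs and last-import time are constructed.

```python
from datetime import datetime, timezone

GT_FORMAT = "%Y%m%d%H%M%SZ"  # LDAP GeneralizedTime, UTC, whole seconds

def to_generalized_time(dt):
    """Render a timezone-aware datetime as LDAP GeneralizedTime in UTC."""
    return dt.astimezone(timezone.utc).strftime(GT_FORMAT)

def parse_generalized_time(value):
    """Parse a UTC GeneralizedTime value, dropping fractional seconds."""
    if not value.endswith("Z"):
        raise ValueError("expected a UTC value ending in Z: %r" % value)
    whole = value[:-1].split(".")[0] + "Z"
    return datetime.strptime(whole, GT_FORMAT).replace(tzinfo=timezone.utc)

def incremental_filter(last_import):
    """LDAP filters have no strict '>' operator, so '>=' is used and
    entries stamped in the boundary second are read again."""
    return "(modifyTimestamp>=%s)" % to_generalized_time(last_import)

def changed_since(entries, last_import):
    """Client-side equivalent of the filter. Entries without
    modifyTimestamp cannot match and are reported separately."""
    boundary = last_import.replace(microsecond=0)
    changed, untracked = [], []
    for entry in entries:
        stamp = entry.get("modifyTimestamp")
        if stamp is None:
            untracked.append(entry["dn"])
        elif parse_generalized_time(stamp) >= boundary:
            changed.append(entry["dn"])
    return changed, untracked

# Constructed sample data (hypothetical DNs and values).
LAST_IMPORT = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "modifyTimestamp": "20240301115959Z"},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "modifyTimestamp": "20240301120000Z"},
    {"dn": "uid=carol,ou=people,dc=example,dc=com", "modifyTimestamp": "20240302083015.250Z"},
    {"dn": "cn=dave,ou=people,dc=example,dc=com", "usnChanged": "48213"},
]

if __name__ == "__main__":
    print(incremental_filter(LAST_IMPORT))
    print(changed_since(SAMPLE, LAST_IMPORT))
```

Because the boundary second is read twice, a consumer of such a filter has to treat re-delivered entries as updates rather than new records.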