Install the Okta LDAP agent

Install the Okta LDAP agent to let your users authenticate to Okta using their LDAP credentials without replicating those credentials into the cloud.

Install the LDAP agent in a Linux environment

  1. On the host server, sign in to Okta using an Okta admin account with Super admin permissions, to access the Admin Console.
  2. Download the Okta LDAP agent:
    1. In the Admin Console, go to Directory > Directory Integrations.
    2. Click Add Directory > Add LDAP Directory.
    3. Review the installation requirements, and then click Set Up LDAP.
    4. Click Download Agent and select Download RPM Installer or Download DEB Installer.
  3. Install the Okta LDAP agent agent on your Linux server:
    1. Sign in to your Linux server as the root user.
    2. Copy the agent .rpm or .deb file to a scratch directory.
    3. Open a command prompt and cd to the scratch directory.
    4. Run one of the following commands to install the agent:

RPM:

yum localinstall OktaLDAPAgent_xx.xx.xx.x86_64.rpm

Debian: 

dpkg -i OktaLDAPAgent_xx.xx.xx_amd64.deb

The installation process reports the total size of the installation and prompts you to continue.

Install the LDAP agent in a Windows environment

  1. On the host server, sign in to Okta using an Okta admin account with Super admin permissions, to access the Admin Console.
  2. Download the Okta LDAP agent:
    1. In the Admin Console, go to Directory > Directory Integrations.
    2. Click Add Directory > Add LDAP Directory.
    3. Review the installation requirements, and then click Set Up LDAP.
    4. Click Download Agent, select Download EXE Installer and download it to your Windows server.
  3. On the host server, double click the file and then click Run.
    1. If the message displays Do you want to allow the following program to make changes to this computer?, click Yes.
    2. Click Next.
    3. Accept the license agreement and click Next.
    4. Accept the default installation folder location, or click Browse to select another location, and click Install.
    5. Optional. If you want to enable LDAP over SSL (LDAPS), complete Enable LDAP over SSL, and then continue with this procedure.
    6. On the LDAP configuration screen, enter the following information:
      • LDAP Server —  Enter the LDAP host and port in the form of host:port. For example: ldap.mycompany.com:389.
      • Root DN —  The root distinguished name of the DIT from which users and groups are searched.
      • Bind DN —  The distinguished name of the bind LDAP user that is used to connect to the LDAP directory by the agent.
      • Bind Password — The password of the bind distinguished name that is used to connect to the LDAP directory by the agent.
      • Optional. Use SSL connection —  Select if you have enabled LDAP over SSL (LDAPS). (Note: If you select this without performing the steps in Enable LDAP over SSL, the error Failed to connect to the specified LDAP server displays.)
  4. Click Next.
  5. Optional. Enter a proxy server for the Okta LDAP agent on the Okta LDAP Agent Proxy Configuration page, and then click Next.

If the LDAP proxy server returns its own schema, issues importing user data can occur when the proxy server schema and LDAP server schemas are different. To avoid data importation issues, make sure the LDAP proxy server and LDAP server schemas are identical.

  1. To register the Okta LDAP agent with the Okta service, enter your Okta subdomain name, and then click Next.
  2. On the Okta Sign In page, enter the username and password for your Okta admin account, and then click Sign In.
  3. Click Allow Access to access the Okta API. Note: If an error message appears, see Locate the Okta LDAP agent log.
  4. Click Finish.
  5. Configure the LDAP integration settings. See Configure LDAP integration settings.

Next steps

Configure LDAP integration settings