LDAP integration known limitations

The following table lists the known issues with Okta LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. integrations.

Feature	Comments
LDAP Connection	The LDAP agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. is supported with all LDAP v3 servers (RFC 4510 compliant). It has been tested with the following: Active Directory Lightweight Directory Services (AD LDS) eDirectory IBM OpenDJ OpenLDAP Oracle Directory Server Enterprise Edition (ODSEE) Oracle Internet Directory (OID) Notable known directories or features not supported via LDAP agent: AD DS (Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.) — use the Okta AD agent. Novell eDirectory.
Scenarios	Object Lifecycle Management Group Management Password Management Notable features not supported by the LDAP Agent: Group Password Policy Per-instance Delegated AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. (more info about what this means here) Group Push Note: The Okta LDAP agent is not recommended for large-scale LDAP migrations.
Operations	The following operations are supported on all LDAP directories: Full Import User provisioning The following operations are only supported on specified directories: Incremental Imports Set Password Change Password
Schema	The LDAP agent automatically detects user schema based on the user objectClass specified Supports structural classes, auxiliary classes for users

Top