LDAP integration prerequisites
The following are the prerequisites for LDAP integrations:
- For Windows Agents, Windows Server 2008 R2 or later, including Windows Server 2019, is required. The Windows server must be able to reach the LDAP host and port.
  You must be running IE 10 or later on your Windows Server.
- For Windows Agents, the TLS 1.2 security protocol must be enabled with the following registry key settings:
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "Enabled"=dword:00000001
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "Enabled"=dword:00000001
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000
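The following PowerShell script is an added example, not part of the Okta documentation or the agent installer. It reads the four SCHANNEL values listed above, reports any that differ from the required settings, writes the correct DWORD values where needed, and then checks that the LDAP host and port are reachable from the server. The host name `ldap.example.com` and port 636 are placeholders; substitute your own directory endpoint. Run it in an elevated session on the Windows server that will host the agent.

```powershell
# Added example (not Okta's code): verify and, if needed, set the SCHANNEL TLS 1.2
# registry values the prerequisites list, then test reachability of the LDAP endpoint.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$expected = @{ Enabled = 1; DisabledByDefault = 0 }   # required values from the prerequisites

function Test-Tls12Key {
    param([string]$Side)   # 'Server' or 'Client'
    $path = Join-Path $base $Side
    $ok = $true
    foreach ($name in $expected.Keys) {
        # A missing key or value reads as $null, which also counts as a mismatch.
        $actual = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        if ($actual -ne $expected[$name]) {
            Write-Warning "$Side\$name is '$actual', expected $($expected[$name])"
            $ok = $false
        }
    }
    return $ok
}

function Set-Tls12Key {
    param([string]$Side)
    $path = Join-Path $base $Side
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    foreach ($name in $expected.Keys) {
        # -Force overwrites an existing value of the wrong type or content.
        New-ItemProperty -Path $path -Name $name -Value $expected[$name] -PropertyType DWord -Force | Out-Null
    }
}

foreach ($side in 'Server', 'Client') {
    if (Test-Tls12Key $side) {
        Write-Host "TLS 1.2 $side settings already correct"
    } else {
        Set-Tls12Key $side
        Write-Host "TLS 1.2 $side settings written"
    }
}

# Reachability check from the agent host. Replace the placeholder host and port
# with your directory's LDAPS (or LDAP) endpoint.
Test-NetConnection -ComputerName 'ldap.example.com' -Port 636 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

SCHANNEL reads these values at startup, so a change made by the script takes effect only after the server is rebooted; rerun the script afterwards to confirm the values persisted before installing the agent.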
- For Linux Agents, the Linux-based agent must be installed on an RPM-enabled Linux distribution such as CentOS or Red Hat. DPKG-enabled Linux distributions such as Debian or Ubuntu are also supported.
- An Okta Super admin account to connect the agent with your Okta org.
- An LDAP user to perform binds and queries from the agent to your LDAP directory. This user must be able to look up users, and groups or roles in the Directory Information Tree (DIT).
If you are upgrading from a version 4.x agent or earlier to a version 5.x agent, uninstall the old agent before installing the new agent.
To improve the performance of incremental import, the modifyTimestamp attribute should be indexed on your LDAP server.
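The following PowerShell script is an added example, not part of the Okta documentation or the agent, that checks two of the prerequisites above before the agent is installed: that the bind account can authenticate and read user and group entries, and that the directory returns the `modifyTimestamp` attribute the incremental import relies on. It uses the .NET `System.DirectoryServices.Protocols` library over LDAPS. The host, base DN, bind DN and the `inetOrgPerson`/`groupOfNames` object classes are placeholders; adjust them to your directory's schema. Whether `modifyTimestamp` is indexed cannot be read over LDAP in a vendor-neutral way, so that remains a server-side check.

```powershell
# Added example (not Okta's code): bind as the agent's service account over LDAPS and
# confirm it can read users and groups, including the operational modifyTimestamp attribute.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$ldapHost = 'ldap.example.com'                           # placeholder
$ldapPort = 636                                          # LDAPS
$baseDn   = 'dc=example,dc=com'                          # placeholder
$bindDn   = 'cn=okta-agent,ou=service,dc=example,dc=com' # placeholder bind account
$cred     = Get-Credential -UserName $bindDn -Message 'LDAP bind password'

$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($ldapHost, $ldapPort)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true   # TLS from the first byte; server certificate is validated
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind with the DN
$conn.Credential = New-Object System.Net.NetworkCredential($bindDn, $cred.Password)
$conn.Bind()   # throws LdapException if the bind DN or password is rejected

function Test-LdapRead {
    param([string]$Filter, [string]$Label)
    # modifyTimestamp is an operational attribute and must be requested explicitly.
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
        $baseDn, $Filter,
        [System.DirectoryServices.Protocols.SearchScope]::Subtree,
        @('modifyTimestamp'))
    $req.SizeLimit = 5   # a handful of entries is enough to prove read access
    try {
        $resp = $conn.SendRequest($req)
    } catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
        # sizeLimitExceeded is reported as an exception; the partial result is still attached.
        $resp = $_.Exception.Response
    }
    if ($resp.Entries.Count -eq 0) {
        Write-Warning "No $Label entries readable with filter $Filter; check the bind account's permissions"
        return
    }
    foreach ($e in $resp.Entries) {
        $ts  = $e.Attributes['modifyTimestamp']
        $val = if ($ts) { $ts[0] } else { '<not returned>' }
        '{0}: {1} modifyTimestamp={2}' -f $Label, $e.DistinguishedName, $val
    }
}

Test-LdapRead -Filter '(objectClass=inetOrgPerson)' -Label 'user'
Test-LdapRead -Filter '(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))' -Label 'group'
$conn.Dispose()
```

If a user or group entry comes back with `modifyTimestamp=<not returned>`, the bind account lacks read access to that operational attribute, and incremental import will not be able to tell which entries changed since the last run.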