LDAP integration prerequisites

The following are the prerequisites for LDAP integrations:

  • For Windows Agents, Windows Server 2008 R2 or later, including Windows Server 2019, is required. The Windows server must be able to reach the LDAP host and port.

    Note: You must be running IE 10 or later on your Windows Server.

  • For Windows Agents, the TLS 1.2 security protocol must be enabled with the following registry key settings:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000

  • For Linux Agents, the Linux-based agent must be installed on an RPM-enabled Linux distribution such as CentOS or Red Hat. DPKG-enabled Linux distributions such as Debian or Ubuntu are also supported.
  • An Okta Super admin account to connect the agent with your Okta org.
  • An LDAP user to perform binds and queries from the agent to your LDAP directory. This user must be able to look up users, and groups or roles in the Directory Information Tree (DIT).
  • If you are upgrading from a version 4.x agent or earlier to a version 5.x agent, uninstall the old agent before installing the new agent.

  • To improve the performance of incremental import, the modifyTimestamp attribute should be indexed on your LDAP server.
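
The Windows Agent prerequisites above (the four TLS 1.2 SCHANNEL values and reachability of the LDAP host and port) can be checked before installation with a script like the following. This is an added example, not part of the original documentation or the vendor's tooling; the host name and port are placeholder assumptions, and the script avoids cmdlets that are missing on Windows Server 2008 R2.

```powershell
# Added example: pre-install check for a Windows host that will run the agent.
# $LdapHost and $LdapPort are placeholders (assumptions), not values from the page.
param(
    [string]$LdapHost = 'ldap.example.com',
    [int]$LdapPort = 636   # assumption: LDAP over TLS on the conventional port
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
# Values the prerequisites list requires under both the Server and Client keys.
$expected = @{ Enabled = 1; DisabledByDefault = 0 }

$report = foreach ($role in 'Server', 'Client') {
    $props = Get-ItemProperty -Path "$base\$role" -ErrorAction SilentlyContinue
    foreach ($name in 'Enabled', 'DisabledByDefault') {
        # Distinguish "key or value missing" from "present with the wrong data".
        $actual = $null
        if ($props -and ($props.PSObject.Properties[$name])) { $actual = $props.$name }
        $shown = if ($null -eq $actual) { '<not set>' } else { $actual }
        New-Object PSObject -Property @{
            Key      = "TLS 1.2\$role"
            Value    = $name
            Expected = $expected[$name]
            Actual   = $shown
            Ok       = ($null -ne $actual) -and ($actual -eq $expected[$name])
        }
    }
}
$report | Select-Object Key, Value, Expected, Actual, Ok | Format-Table -AutoSize

# TCP reachability of the LDAP host and port, with a 5 second timeout.
$tcp = New-Object System.Net.Sockets.TcpClient
$reachable = $false
try {
    $pending = $tcp.BeginConnect($LdapHost, $LdapPort, $null, $null)
    if ($pending.AsyncWaitHandle.WaitOne(5000)) { $reachable = $tcp.Connected }
} catch {
    $reachable = $false
} finally {
    $tcp.Close()
}
"LDAP endpoint {0}:{1} reachable: {2}" -f $LdapHost, $LdapPort, $reachable

# Non-zero exit code so the check can gate an automated install.
$failed = @($report | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0 -or -not $reachable) { exit 1 }
```

A value reported as `<not set>` means the key or value is absent, so the host is relying on the operating system default rather than the explicit setting this page requires.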