LDAP integration prerequisites

Before you start an LDAP integration, ensure that you have:

  • An Okta Super Admin account to connect the agent with your Okta org.
  • An LDAP user that the agent uses to bind to and query your LDAP directory. This user must be able to look up users, groups, and roles in the Directory Information Tree (DIT). A dedicated service account with only the read permissions the agent needs is preferable to a directory administrator account, because the agent stores this credential on the host.
  • The modifyTimestamp attribute indexed on your LDAP server. Incremental imports filter on this attribute, so without an index the server has to walk the whole tree and imports slow down.
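
The following PowerShell script is an added example, not part of the Okta documentation, for checking the bind account before you install the agent: it binds over LDAPS with the service account, reads a handful of users, groups, and roles, and then runs a modifyTimestamp range query of the shape an incremental import relies on. The host name, port, DNs, object classes, attribute names, and the one-day window are assumptions; substitute the values from your own directory (for example, Active Directory uses `user` and `group` object classes rather than `inetOrgPerson` and `groupOfNames`).

```powershell
# Added example (not Okta's code): exercise the LDAP account the agent will use.
# Host, port, DNs, object classes and attributes below are assumptions; replace them.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$ldapHost = 'ldap.example.com'                              # assumed directory host
$ldapPort = 636                                             # LDAPS; 389 needs StartTls() instead
$bindDn   = 'cn=okta-agent,ou=services,dc=example,dc=com'   # assumed service account DN
$baseDn   = 'dc=example,dc=com'                             # assumed search base
$cred     = Get-Credential -UserName $bindDn -Message 'Password for the agent bind account'

$server = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($ldapHost, $ldapPort)
$conn   = [System.DirectoryServices.Protocols.LdapConnection]::new($server)
$conn.SessionOptions.SecureSocketLayer = $true   # TLS from the first byte, as on port 636
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind with the DN
$conn.Credential = $cred.GetNetworkCredential()
$conn.Bind()   # throws LdapException if the DN, password or TLS handshake is wrong

function Test-LdapRead {
    # Returns one line per filter: how many entries the bind account could read, or why not.
    param([string]$Filter, [string[]]$Attributes)
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new($baseDn, $Filter, $scope, $Attributes)
    $req.SizeLimit = 5   # proof of read access is enough; do not pull the whole tree
    try {
        $resp = $conn.SendRequest($req)
        return '{0,-62} {1} entries' -f $Filter, $resp.Entries.Count
    } catch {
        # PowerShell may wrap the .NET exception; walk down to the LDAP result code.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.DirectoryServices.Protocols.DirectoryOperationException]) {
            $ex = $ex.InnerException
        }
        if (-not $ex) { return '{0,-62} FAILED: {1}' -f $Filter, $_.Exception.Message }
        $code = $ex.Response.ResultCode
        # Hitting our own size limit still proves the account can read these objects.
        if ($code -eq 'SizeLimitExceeded') { return '{0,-62} >5 entries' -f $Filter }
        return '{0,-62} FAILED: {1}' -f $Filter, $code
    }
}

# Users, groups and roles: the three object types the prerequisites say the account must see.
Test-LdapRead '(objectClass=inetOrgPerson)'      @('uid', 'mail')
Test-LdapRead '(objectClass=groupOfNames)'       @('cn', 'member')
Test-LdapRead '(objectClass=organizationalRole)' @('cn', 'roleOccupant')

# Same shape as an incremental import: everything modified after a point in time.
# Without an index on modifyTimestamp the server scans the whole tree to answer this.
$since = (Get-Date).AddDays(-1).ToUniversalTime().ToString('yyyyMMddHHmmss') + 'Z'
Test-LdapRead "(&(objectClass=inetOrgPerson)(modifyTimestamp>=$since))" @('uid', 'modifyTimestamp')

$conn.Dispose()
```

Run it from the host that will carry the agent so that DNS, firewall, and certificate trust are tested on the same path the agent will use. If the last query is noticeably slower than the others on a directory of any size, that is the symptom of a missing modifyTimestamp index; how you add the index depends on the directory product.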

Agent requirements

You can use a Windows or Linux agent to connect LDAP with your Okta org. If you're upgrading from a version 4.x agent or earlier to a version 5.x agent, uninstall the old agent before installing the new one.

Windows agent requirements

  • The host server must be running Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, or Windows Server 2022.
  • The Windows server must be able to reach the LDAP host and port (typically TCP 389 for LDAP or TCP 636 for LDAPS).
  • The TLS 1.2 security protocol must be enabled for both the server and client sides of SCHANNEL, with the following registry values:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000

    Changes to SCHANNEL protocol settings take effect after the host restarts.
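
The following script is an added example, not Okta's own tooling, that checks the two Windows requirements above from an elevated PowerShell prompt on the agent host: it tests the TCP path to the LDAP listener and compares the four SCHANNEL values with the ones required, writing them only when called with -Fix. The LDAP host and port are assumptions; everything else comes from the registry keys listed above.

```powershell
# Added example (not Okta's code). Run in an elevated PowerShell session on the agent host.
# $ldapHost and $ldapPort are assumptions; use your directory's host and LDAP/LDAPS port.
$ldapHost = 'ldap.example.com'
$ldapPort = 636

# 1. Network path from the agent host to the LDAP listener.
$net = Test-NetConnection -ComputerName $ldapHost -Port $ldapPort
if (-not $net.TcpTestSucceeded) {
    Write-Warning "TCP connect to ${ldapHost}:${ldapPort} failed; fix DNS or firewall rules before installing the agent"
}

# 2. SCHANNEL TLS 1.2 values, exactly the four the requirements list.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$required = @{ Enabled = 1; DisabledByDefault = 0 }

function Test-Tls12Schannel {
    # Returns $true when every value already matched on entry. With -Fix, missing keys are
    # created and wrong values overwritten; a restart is still needed for SCHANNEL to reload them.
    param([switch]$Fix)
    $compliant = $true
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path $schannel $side
        if (-not (Test-Path $key)) {
            $compliant = $false
            if ($Fix) { New-Item -Path $key -Force | Out-Null }
            else { Write-Warning "$key is missing"; continue }
        }
        foreach ($name in $required.Keys) {
            $want = $required[$name]
            $have = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            if ($have -eq $want) { continue }
            $compliant = $false
            if ($Fix) {
                New-ItemProperty -Path $key -Name $name -Value $want -PropertyType DWord -Force | Out-Null
                Write-Host "set TLS 1.2\$side\$name = $want"
            } else {
                $shown = if ($null -eq $have) { 'absent' } else { $have }
                Write-Warning ("TLS 1.2\{0}\{1} is {2}, expected {3}" -f $side, $name, $shown, $want)
            }
        }
    }
    return $compliant
}

if (Test-Tls12Schannel) {
    Write-Host 'TLS 1.2 SCHANNEL settings already match the agent requirements'
} else {
    Write-Host 'Re-run with: Test-Tls12Schannel -Fix   (then restart the host)'
}
```

Keep the check separate from the fix so that the script can be run read-only on a production host first; the -Fix path only writes the values the requirements list and nothing else under SCHANNEL.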

Linux agent requirements

  • The Linux agent must be installed on an RPM-based distribution, such as CentOS or Red Hat Enterprise Linux.
  • DPKG-based distributions, such as Debian or Ubuntu, are also supported.