LDAP integration features
This table lists the features that are available with an Okta LDAP integration.
|
Feature |
Supported |
Description |
|---|---|---|
| Delegated Authentication | Yes |
Ability to authenticate user credentials through LDAP for access into Okta. |
| JIT Authentication | Yes | Ability to authenticate user credentials through LDAP for access into Okta, and update group memberships and profile information before access. |
| Instance-level JIT and Delegated Authentication | No | Ability to delegate authentication on a per LDAP-instance level to support more granular authentication scenarios. |
| User import from Directory | Yes | Ability to import user and group details from the directory into Okta. |
| Import filter - OU/container selection | No | Ability to filter users and groups based by specifying an LDAP filter and selecting OUs. |
| Provision to Directory | Yes | Ability to provision user and group details to LDAP. |
| Self-Service PW Reset | Yes | Ability to reset LDAP password in Okta. For more information, see Manage users and About self-service registration. |
|
Group Password Policy |
Yes |
Group Password Policy functionality lets you define password policies and associated rules to enforce password settings at the group level. This functionality is available on these directories: Active Directory Lightweight Directory Services (AD LDS), eDirectory, IBM, OpenDJ, OpenLDAP, Oracle Directory Server Enterprise Edition (ODSEE), and Oracle Unified Directory (OUD). See Supported LDAP directories. |
Password reset
This table lists the password reset options that are available with Okta LDAP integrations.
|
Feature |
Supported |
Description |
|---|---|---|
| Self-service recovery options: Email | Yes | Ability to reset the password through email. For more information, see Factor Type Overview and Configuration in Multifactor Authentication . |
| Self-service recovery options: SMS | Yes | Ability to reset the password through a code sent through text message. For more information, see Enable end user self-service password reset using SMS in Manage users. |
| Self-service recovery options: Voice Call | No | Ability to reset the password through a code sent through voice call. |
| Reset, Unlock recovery emails are valid for < X > minutes | No | Ability to configure how long recovery email tokens are valid for. |
| Additional self-service recovery option: Secret questions | No | Ability to reset the password through security questions. |
Infrastructure
This table lists the infrastructure features that are available with Okta LDAP integrations.
|
Feature |
Supported |
Description |
|---|---|---|
| Multiple agent polling threads | Yes | Ability to increase polling threads on the agent. Increases how many requests the agent can handle per second per thread. See Change the number of Okta LDAP agent threads. |