LDAP integration features

This table lists the features that are available with an Okta LDAP integration.

Feature Supported? Description
Delegated Authentication Yes

Ability to authenticate user credentials through LDAP for access into Okta.

JIT Authentication Yes Ability to authenticate user credentials through LDAP for access into Okta, and update group memberships and profile information before access.
Instance-level JIT and Delegated Authentication No Ability to delegate authentication on a per LDAP-instance level to support more granular authentication scenarios.
User import from Directory Yes Ability to import user and group details from the directory into Okta.
Import filter - OU/container selection No Ability to filter users and groups based by specifying an LDAP filter and selecting OUs.
Provision to Directory Yes Ability to provision user and group details to LDAP.
Self-Service PW Reset Yes Ability to reset LDAP password in Okta. For more information, see Manage users and About self-service registration.

Password policies

This table lists the password policies that are available with Okta LDAP integrations.

Feature Supported? Description
Minimum Length Yes See Security Policies for more information.
Complexity Requirements No See Security Policies for more information.
Common Password Check No See Security Policies for more information.
Enforce password history for last < X > passwords No See Security Policies for more information.
Password expires after < X > days No See Security Policies for more information.
Prompt user < X > days before password expires No See Security Policies for more information.
Lock out user after < X > unsuccessful attempts No See Security Policies for more information.
Lock out user after < X number of > minutes No See Security Policies for more information.
Show lock out failures No See Security Policies for more information.
Send lock out email to user No See Security Policies for more information.
Password Soft Lock No Ability to lock the Okta account of LDAP-mastered users using password policies, without triggering a lock of the user's LDAP account.

Password reset

This table lists the password reset options that are available with Okta LDAP integrations.

Feature Supported? Description
Self-service recovery options: Email Yes Ability to reset the password through email. For more information, see Factor Type Overview and Configuration in Multifactor Authentication .
Self-service recovery options: SMS Yes Ability to reset the password through a code sent through text message. For more information, see Enable end user self-service password reset using SMS in Manage users.
Self-service recovery options: Voice Call No Ability to reset the password through a code sent through voice call.
Reset, Unlock recovery emails are valid for < X > minutes No Ability to configure how long recovery email tokens are valid for.
Additional self-service recovery option: Secret questions No Ability to reset the password through security questions.

Infrastructure

This table lists the infrastructure features that are available with Okta LDAP integrations.

Feature Supported? Description
Multiple agent polling threads Yes Ability to increase polling threads on the agent. Increases how many requests the agent can handle per second per thread. See Change the number of Okta LDAP agent threads.