LDAP integration features
This table lists the features that are available with an Okta LDAP integration.
| Feature | Supported? | Description |
| Delegated Authentication | Yes |
Ability to authenticate user credentials through LDAP for access into Okta. |
| JIT Authentication | Yes | Ability to authenticate user credentials through LDAP for access into Okta, and update group memberships and profile information before access. |
| Instance-level JIT and Delegated Authentication | No | Ability to delegate authentication on a per LDAP-instance level to support more granular authentication scenarios. |
| User import from Directory | Yes | Ability to import user and group details from the directory into Okta. |
| Import filter - OU/container selection | No | Ability to filter users and groups based by specifying an LDAP filter and selecting OUs. |
| Provision to Directory | Yes | Ability to provision user and group details to LDAP. |
| Self-Service PW Reset | Yes | Ability to reset LDAP password in Okta. For more information, see Manage users and About self-service registration. |
Password policies
This table lists the password policies that are available with Okta LDAP integrations.
| Feature | Supported? | Description |
| Minimum Length | Yes | See Security Policies for more information. |
| Complexity Requirements | No | See Security Policies for more information. |
| Common Password Check | No | See Security Policies for more information. |
| Enforce password history for last < X > passwords | No | See Security Policies for more information. |
| Password expires after < X > days | No | See Security Policies for more information. |
| Prompt user < X > days before password expires | No | See Security Policies for more information. |
| Lock out user after < X > unsuccessful attempts | No | See Security Policies for more information. |
| Lock out user after < X number of > minutes | No | See Security Policies for more information. |
| Show lock out failures | No | See Security Policies for more information. |
| Send lock out email to user | No | See Security Policies for more information. |
| Password Soft Lock | No | Ability to lock the Okta account of LDAP-mastered users using password policies, without triggering a lock of the user's LDAP account. |
Password reset
This table lists the password reset options that are available with Okta LDAP integrations.
| Feature | Supported? | Description |
| Self-service recovery options: Email | Yes | Ability to reset the password through email. For more information, see Factor Type Overview and Configuration in Multifactor Authentication . |
| Self-service recovery options: SMS | Yes | Ability to reset the password through a code sent through text message. For more information, see Enable end user self-service password reset using SMS in Manage users. |
| Self-service recovery options: Voice Call | No | Ability to reset the password through a code sent through voice call. |
| Reset, Unlock recovery emails are valid for < X > minutes | No | Ability to configure how long recovery email tokens are valid for. |
| Additional self-service recovery option: Secret questions | No | Ability to reset the password through security questions. |
Infrastructure
This table lists the infrastructure features that are available with Okta LDAP integrations.
| Feature | Supported? | Description |
| Multiple agent polling threads | Yes | Ability to increase polling threads on the agent. Increases how many requests the agent can handle per second per thread. See Change the number of Okta LDAP agent threads. |