LDAP integration features
This table lists the features that are available with an Okta LDAP integration.
Feature | Supported | Description |
---|---|---|
Delegated Authentication | Yes | Ability to authenticate user credentials through LDAP for access into Okta. |
JIT Authentication | Yes | Ability to authenticate user credentials through LDAP for access into Okta, and update group memberships and profile information before access. |
Instance-level JIT and Delegated Authentication | No | Ability to delegate authentication on a per LDAP-instance level to support more granular authentication scenarios. |
User import from Directory | Yes | Ability to import user and group details from the directory into Okta. |
Import filter - OU/container selection | No | Ability to filter users and groups by specifying an LDAP filter and selecting OUs. |
Provision to Directory | Yes | Ability to provision user and group details to LDAP. |
Self-Service PW Reset | Yes | Ability to reset LDAP password in Okta. For more information, see Manage users and About self-service registration. |
Group Password Policy | Yes | Group Password Policy functionality lets you define password policies and associated rules to enforce password settings at the group level. This functionality is available on these directories: Active Directory Lightweight Directory Services (AD LDS), eDirectory, IBM, OpenDJ, OpenLDAP, Oracle Directory Server Enterprise Edition (ODSEE), and Oracle Unified Directory (OUD). See Supported LDAP directories. |
Password reset
This table lists the password reset options that are available with Okta LDAP integrations.
Feature | Supported | Description |
---|---|---|
Self-service recovery options: Email | Yes | Ability to reset the password through email. For more information, see Factor Type Overview and Configuration. |
Self-service recovery options: SMS | Yes | Ability to reset the password through a code sent through text message. For more information, see Enable end user self-service password reset using SMS in Manage users. |
Self-service recovery options: Voice Call | No | Ability to reset the password through a code sent through voice call. |
Reset, Unlock recovery emails are valid for < X > minutes | No | Ability to configure how long recovery email tokens are valid for. |
Additional self-service recovery option: Secret questions | No | Ability to reset the password through security questions. |
Infrastructure
This table lists the infrastructure features that are available with Okta LDAP integrations.
Feature | Supported | Description |
---|---|---|
Multiple agent polling threads | Yes | Ability to increase polling threads on the agent. Increases how many requests the agent can handle per second per thread. See Change the number of Okta LDAP agent threads. |