LDAP integration features

This table lists the features that are available with an Okta LDAP integration.

| Feature | Supported? | Description |
|---|---|---|
| Delegated Authentication | Yes | Ability to authenticate user credentials through LDAP for access into Okta. |
| JIT Authentication | Yes | Ability to authenticate user credentials through LDAP for access into Okta, and update group memberships and profile information before access. |
| Instance-level JIT and Delegated Authentication | No | Ability to delegate authentication on a per LDAP-instance level to support more granular authentication scenarios. |
| User import from Directory | Yes | Ability to import user and group details from the directory into Okta. |
| Import filter - OU/container selection | No | Ability to filter users and groups by specifying an LDAP filter and selecting OUs. |
| Provision to Directory | Yes | Ability to provision user and group details to LDAP. Pushing users, password, and groups from LDAP to Okta. |
| Self-Service PW Reset | Yes | Ability to reset LDAP password in Okta. For more information, see Manage users and Enable self-service registration. |

Password policies

This table lists the password policies that are available with Okta LDAP integrations.

| Feature | Supported? | Description |
|---|---|---|
| Minimum Length | Yes | See Security Policies for more information. |
| Complexity Requirements | No | See Security Policies for more information. |
| Common Password Check | No | See Security Policies for more information. |
| Enforce password history for last < X > passwords | No | See Security Policies for more information. |
| Password expires after < X > days | No | See Security Policies for more information. |
| Prompt user < X > days before password expires | No | See Security Policies for more information. |
| Lock out user after < X > unsuccessful attempts | No | See Security Policies for more information. |
| Lock out user after < X number of > minutes | No | See Security Policies for more information. |
| Show lock out failures | No | See Security Policies for more information. |
| Send lock out email to user | No | See Security Policies for more information. |
| Password Soft Lock | No | Ability to lock the Okta account of LDAP-mastered users using password policies, without triggering a lock of the user's LDAP account. |

Password reset

This table lists the password reset options that are available with Okta LDAP integrations.

| Feature | Supported? | Description |
|---|---|---|
| Self-service recovery options: Email | Yes | Ability to reset the password through email. For more information, see Factor Type Overview and Configuration in Multifactor Authentication. |
| Self-service recovery options: SMS | Yes | Ability to reset the password through a code sent through text message. For more information, see Enable end user self-service password reset using SMS in Manage users. |
| Self-service recovery options: Voice Call | No | Ability to reset the password through a code sent through voice call. |
| Reset, Unlock recovery emails are valid for < X > minutes | No | Ability to configure how long recovery email tokens are valid for. |
| Additional self-service recovery option: Secret questions | No | Ability to reset the password through security questions. |

Infrastructure

This table lists the infrastructure features that are available with Okta LDAP integrations.

| Feature | Supported? | Description |
|---|---|---|
| Multiple agent polling threads | Yes | Ability to increase polling threads on the agent. Increases how many requests the agent can handle per second per thread. See Change the number of Okta LDAP agent threads. |