LDAP Interface connection settings

This table lists the values that might be required to connect to the Okta LDAP Interface.

| Field | Value |
| --- | --- |
| | The name of the server |
| Directory Type | The server type |
| Hostname | `<org_subdomain>.ldap.<domain>.com`, where `<domain>` is either oktapreview, okta, or okta-emea. |
| Port | StartTLS on port 389; LDAPS on port 636 |
| Username | `uid=<username>,<dc=org_subdomain>,dc=<domain>,dc=com`, where `<domain>` is either oktapreview, okta, or okta-emea. Must have admin permissions, but can be a read-only admin. |
| Password | `<password for the admin user>` |
| Base DN | `[ou=<users or groups>],<dc=org_subdomain>, dc=<domain>, dc=com`, where `<domain>` is either oktapreview, okta, okta-emea, or okta-gov.com |
| Additional User DN | `ou=users` |
| Additional Group DN | |
| User Object Class | `inetOrgPerson` |
| User Object Filter | |
| User Name Attribute | `uid` |
| User Name RDN Attribute | |
| User First Name Attribute | `givenName` |
| User Last Name Attribute | |
| User Display Name Attribute | |
| User Email Attribute | |
| Group Object Class | `groupofUniqueNames` |
| Group Object Filter | `(objectclass=groupOfUniqueNames)` |
| Group Name Attribute | `cn` |
| Group Description Attribute | |
| Group Members Attribute | |
| User Membership Attribute | `memberOf`. Note that memberOf is not an indexed value and its use could result in significantly slower search times. |
| Use the User Membership Attribute | Select to use the user's membership attribute to determine group membership |
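
The hostname, bind DN and base DN patterns from the table, applied in code. This is an added example, not Okta's own code: the function names and the `acme` org are constructed, and `<dc=org_subdomain>` is read as `dc=<org_subdomain>`. Usernames are escaped per RFC 4514 (DN) and RFC 4515 (filter) so that a supplied value cannot alter the bind DN or the search filter.

```python
import re

# Domains the table lists for Hostname and Username (okta-gov.com appears only in the Base DN row).
ALLOWED_DOMAINS = {"oktapreview", "okta", "okta-emea"}
PORTS = {"starttls": 389, "ldaps": 636}  # the two modes in the Port row

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN string (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '",+;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_search_filter(uid):
    """Filter for one user, using the table's object class and user name attribute."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(uid)

def build_settings(org_subdomain, domain, username, mode="ldaps"):
    """Return connection settings for the LDAP Interface of one org."""
    if domain not in ALLOWED_DOMAINS:
        raise ValueError("unexpected domain: %r" % domain)
    if mode not in PORTS:
        raise ValueError("mode must be 'starttls' or 'ldaps'")
    # Assumption: the org subdomain is a single lowercase DNS label.
    if not re.fullmatch(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", org_subdomain):
        raise ValueError("invalid org subdomain: %r" % org_subdomain)
    host = "%s.ldap.%s.com" % (org_subdomain, domain)
    suffix = "dc=%s,dc=%s,dc=com" % (org_subdomain, domain)
    scheme = "ldaps" if mode == "ldaps" else "ldap"
    return {
        "url": "%s://%s:%d" % (scheme, host, PORTS[mode]),
        "start_tls": mode == "starttls",  # upgrade the port 389 session before binding
        "bind_dn": "uid=%s,%s" % (escape_dn_value(username), suffix),
        "user_base_dn": "ou=users," + suffix,
        "group_base_dn": "ou=groups," + suffix,
        "group_filter": "(objectclass=groupOfUniqueNames)",
    }
```
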