Bidirectional Group Management with LDAP

Bidirectional Group Management with Lightweight Directory Access Protocol (LDAP) allows you to manage LDAP groups from within Okta. You can add or remove users from groups based on their identity and access requirements. This ensures that changes made to user access in Okta are reflected in LDAP.

Okta can only manage group memberships for users and groups that were imported into Okta through the LDAP integration. This feature can't manage users and groups that weren't imported through the LDAP integration or that are outside the organizational unit's scope for the integration.

Workflows for Bidirectional Group Management

You can use the Update an external directory group membership API to create custom Okta Workflows designed for Bidirectional Group Management. Use the API to add users to or remove users from groups, and configure an event trigger with Workflows Connectors to automate the API calls. This enables you to customize on-premises group management actions based on events available within Workflows.

Related topics

Bidirectional Group Management with Active Directory