Set up and manage the LDAP Interface

The LDAP Interface uses Universal Directory for authentication instead of an LDAP server or Active Directory (AD). The LDAP Interface lets you use Okta to centralize and manage your LDAP policies, users, and applications that support the LDAP authentication protocol.

The LDAP Interface is a cloud proxy that consumes LDAP commands and translates them to Okta API calls, providing a straightforward path to authenticate legacy LDAP apps in the cloud.

To enhance security, you can also add multi-factor authentication (MFA) to your LDAP apps with Okta Verify Push and Okta Verify time-based one-time password (TOTP).

The LDAP Interface lets you connect LDAP applications to Okta Universal Directory without installing and maintaining Okta LDAP Agents. The two differ as follows:

- The Okta LDAP Agent synchronizes user profiles to or from an existing LDAP directory. The LDAP Interface lets you migrate certain applications from LDAP or AD servers to Okta.

- The Okta LDAP Agent is usually deployed inside your firewall. The LDAP Interface is managed in the cloud.

LDAP Interface authentication policies go through the Okta sign-on policy. To require MFA for your LDAP apps, set up network zones for the LDAP apps that connect to Okta, then apply MFA policies to those zones. Any connection coming from the LDAP apps is then required to use MFA. You can also use policies to exempt LDAP apps from MFA.
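As an added example (not from Okta's documentation or the product itself), the following POSIX shell script checks that an LDAP application's credentials work against the LDAP Interface, including the MFA step described above, using the OpenLDAP ldapsearch client. The host pattern {org}.ldap.okta.com, port 636, the DN layout dc={org},dc=okta,dc=com with ou=users, and the "password,TOTP code" convention are assumptions taken from typical LDAP Interface deployments; verify them against your org's LDAP Interface settings before relying on them.

```shell
#!/bin/sh
# Added example, not Okta's own code. Builds the DNs used by the Okta LDAP
# Interface and runs an LDAPS bind test with ldapsearch (OpenLDAP client tools).
# Assumed values: the host pattern {org}.ldap.okta.com, port 636 and the DN
# layout dc={org},dc=okta,dc=com are taken from the LDAP Interface settings
# page of your org; confirm them there before use.

# Base DN of the org, e.g. dc=example,dc=okta,dc=com (assumed layout)
okta_ldap_base_dn() {
    printf 'dc=%s,dc=okta,dc=com' "$1"
}

# Bind DN for a user: uid=<login>,ou=users,<base dn> (assumed layout)
okta_ldap_user_dn() {
    printf 'uid=%s,ou=users,%s' "$2" "$(okta_ldap_base_dn "$1")"
}

# LDAPS URL for the org. Plaintext ldap:// on 389 is deliberately not offered:
# the bind carries the user's password and, with MFA, the TOTP code.
okta_ldap_url() {
    printf 'ldaps://%s.ldap.okta.com:636' "$1"
}

# Run an authenticated search that returns only the bound user's own entry.
# $3 is the password; when an Okta Verify TOTP is required it is appended
# as "<password>,<code>" (assumed format, check your org's MFA settings).
# With Okta Verify Push there is nothing to append: the bind waits until
# the push is approved, denied, or times out.
okta_ldap_bind_test() {
    org=$1; login=$2; secret=$3
    ldapsearch -H "$(okta_ldap_url "$org")" \
        -D "$(okta_ldap_user_dn "$org" "$login")" -w "$secret" \
        -b "$(okta_ldap_user_dn "$org" "$login")" -s base \
        '(objectClass=*)' uid cn mail
}

# Only talk to the network when the caller sets OKTA_ORG, OKTA_LOGIN and
# OKTA_SECRET; otherwise the functions above can simply be sourced.
if [ -n "${OKTA_ORG:-}" ] && [ -n "${OKTA_LOGIN:-}" ] && [ -n "${OKTA_SECRET:-}" ]; then
    okta_ldap_bind_test "$OKTA_ORG" "$OKTA_LOGIN" "$OKTA_SECRET"
fi
```

Run it as `OKTA_ORG=example OKTA_LOGIN=alice OKTA_SECRET='<password or password,code>' sh ldap-check.sh`. A bind that fails with a TLS error rather than "Invalid credentials" points at certificate trust on the client, and a bind that appears to hang is usually waiting on an Okta Verify Push approval, which is exactly the behaviour the MFA zone policy above produces. Note that `-w` puts the secret on the command line where other local users can read it from the process list; when running interactively, replace it with `-W` to be prompted instead.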