Set up and manage the LDAP Interface

The LDAP Interface uses Universal Directory for authentication instead of an LDAP server or Active Directory (AD). The LDAP Interface lets you use Okta to centralize and manage your LDAP policies, users, and applications that support the LDAP authentication protocol.

The LDAP Interface is a cloud proxy that consumes LDAP commands and translates them to Okta API calls, providing a straightforward path to authenticate legacy LDAP apps in the cloud.

To enhance security, you can also add Multifactor Authentication (MFA) to your LDAP apps with Okta Verify Push and Okta Verify Time-based One-Time Password (TOTP).

The LDAP Interface lets you connect LDAP applications to Okta Universal Directory without installing and maintaining Okta LDAP Agents:

The Okta LDAP Agent synchronizes user profiles to or from an existing LDAP directory. The LDAP Interface lets you migrate certain applications from LDAP or AD servers to Okta.

The Okta LDAP Agent is usually deployed inside your firewall. The LDAP Interface is managed in the cloud.

Global session policies control LDAP Interface authentication policies. You can choose whether to require MFA. See Add global session policy for LDAP authentication.
