Overview of Directories and On Premises Infrastructure
Published: Jan 13, 2015   -   Updated: Jun 22, 2018

For most companies, Microsoft Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) directories such as SunOne or Oracle Internet Directory play the central role in coordinating identity and access management policies. AD/LDAP typically serves as a “source of truth” for user identities and provides access control to on-premises resources such as networks, file servers, and web applications.

When on-premises applications are integrated to Active Directory or LDAP, users get the best possible experience: they log in to their domain once and are granted access to the appropriate resources. Administrators benefit too—they maintain clear control over who has access to what. This model is ubiquitous because it works well with LAN-based architectures (where applications are served from hardware inside the firewall). However, this approach begins to break down as enterprises shift to cloud-based applications, and a new solution is needed.

Combining Directories and the Cloud

In most enterprises, Microsoft Active Directory (AD) is the authoritative user directory that governs access to basic IT services such as email and file sharing. Often, AD is also used to control access to a broader set of business applications and IT systems.

SaaS applications are each developed with their own native user directories that control direct access to their individual services. And, because they run outside of the firewall, SaaS applications have traditionally been beyond the reach of Active Directory.

One of the many features of the Okta service is the industry’s most unified, comprehensive, and easy-to-use Active Directory integration solution. The Okta service and Active Directory integration component provide all the following features.

  • A complete end-to-end solution that requires no services to install. It is self-configurable and provides secure integration with your existing AD infrastructure.
  • A large catalog of pre-integrated business and personal applications, including a single sign-on home page for every user that offers one-click access to all of their web applications.
  • An integrated administrative experience that allows you to manage users, applications, and your AD integration from one console, anywhere, anytime, and on multiple devices.
  • A 100 percent on-demand offering. Okta’s core service is a multi-tenant solution with a very light footprint and an AD agent that installs locally, but without any appliances to buy or maintain.
  • A single AD integration that enables you to configure once and then federate Active Directory across all of your SaaS applications.
  • Application integrations that are maintained for you. Okta manages and updates the integrations so you never have to worry about continued seamless integration as underlying applications change.
  • Outbound AD connection over HTTPS. Okta’s lightweight agent makes a secure, outbound-only connection over HTTPS—no firewall configuration changes are required.
  • Out-of-band authentication. Okta authenticates a user with the SaaS application and then gets out of the way. All ongoing traffic is between the user and the application.

Using AD with Okta

Okta offers the industry’s most complete, robust, and easy-to-use Active Directory integration, spanning authentication as well as user provisioning and deprovisioning. Like the core service itself, the Okta AD integration is easy to set up and manage, and it is architected for high availability.

The Active Directory Integration automatically has the following default settings enabled.

  • Delegated Authentication is enabled.
  • Just in Time Provisioning is enabled.
  • The import schedule default is set to 60 minutes.

For detailed instructions on using AD with Okta, see Installing and Configuring the Active Directory Agent and the attached Okta Active Directory Deployment Guide.