Do more with Okta's Extended LDAP Integration Feature Set
Published: Feb 7, 2018   -   Updated: Jun 22, 2018
Current Release Status: EA

In this video Eric Karlinsky provides an in-depth overview of Okta's extended LDAP integration feature set.


Best Practices

  • Import types: use scheduled imports for employees and incremental imports for customers (to avoid licensing costs, minimize bandwidth, and improve performance).
  • Use incremental imports for very large LDAP directories to improve performance.
  • For better performance, make sure that your LDAP directory has paging enabled. This allows the Okta agent to process end users in batches, rather than all at once.
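
One way to confirm that a directory advertises paging before pointing the agent at it, as an added example that is not from Okta's documentation: the check looks for the Simple Paged Results control (RFC 2696) in the root DSE's supportedControl values. The hostname in the comment is a placeholder and both LDIF samples are constructed.

```shell
#!/bin/sh
# OID of the Simple Paged Results control defined in RFC 2696.
PAGED_RESULTS_OID="1.2.840.113556.1.4.319"

# Reads root DSE LDIF on stdin and returns 0 if the control is advertised.
# Live input could come from the OpenLDAP client (placeholder hostname):
#   ldapsearch -x -H ldap://ldap.example.com -s base -b "" supportedControl
supports_paging() {
    awk -v oid="$PAGED_RESULTS_OID" '
        { sub(/\r$/, "") }   # tolerate CRLF line endings
        # LDAP attribute names are case-insensitive; the OID must match exactly.
        tolower($1) == "supportedcontrol:" && $2 == oid { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Prints a one-line verdict for the LDIF text passed as the first argument.
report() {
    if printf '%s\n' "$1" | supports_paging; then
        echo "paged results: advertised"
    else
        echo "paged results: NOT advertised"
    fi
}

# Constructed sample: root DSE that advertises the paged results control.
SAMPLE_WITH_PAGING='dn:
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.3.6.1.4.1.4203.1.10.1'

# Constructed sample: root DSE that does not list the control.
SAMPLE_WITHOUT_PAGING='dn:
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 1.3.6.1.4.1.4203.1.10.1'

report "$SAMPLE_WITH_PAGING"
report "$SAMPLE_WITHOUT_PAGING"
```

The root DSE only shows that the control is available; any server-side size limits that apply to the agent's bind account still hold.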


Q: Which LDAP directories does Okta support?
A: That’s a good one. The LDAPv3 specification is broad, so while Okta should work with any LDAP directory out there, we can’t possibly test our agent against everything. We test against the most popular versions (you can check the support site for the official list), but don’t let that discourage you from giving this feature a try on your LDAP directory of choice. Let us know if you hit any snags, and we’ll do our best to get it working.

Q: Can Okta replace my LDAP directory completely?
A: This one is complicated too. For very large, heavily customized, or otherwise complex LDAP deployments, or for scenarios where LDAP is used for device authentication, you’re better off keeping that directory and integrating it with Okta for imports and authentication. But some of our customers have simple authentication needs. For example, they have applications that support only LDAP authentication, and that’s basically the only reason they’re keeping their LDAP servers around. For these scenarios, Okta will soon provide an LDAP interface, which may obviate the need for an LDAP server. Stay tuned for updates on that interface.

Helpful Documentation: