We have our Okta environment set up to use the email address as the username. This is done in "Okta username format" in the Import Settings of the LDAP directory integration; we have set it to email address.
So, today when I try to log in to Okta using username and password, it works even when I enter the LDAP UID without @abc.com. For example: email - email@example.com, but if I enter the name (LDAP UID) as the username and the LDAP password as the password, it still works.
Please let me know if this is expected behavior, and if so, why? If not, would you be able to tell me how I can get rid of this behavior?
Am I right in assuming that our Okta authenticates against the email attribute from LDAP? Since this setup was done by one of our co-workers who is no longer with the firm, I want to know where I should look in Okta to determine which LDAP attribute our Okta authenticates against.
Hi Ramanan, to add to Kevin's response: once Okta locates the right user in the Universal Directory, it knows which user account it corresponds to in LDAP, as each has a unique distinguished name. So Okta checks, using delegated authentication, that the password entered by the user at logon matches the one on the LDAP account.
To add to your answer, how does Okta locate the right user? Is it something we do during the initial setup? If so, would it be possible for me to look it up? For example, I could see that in the import config settings in LDAP there is a tab about passwords; similarly, I do not find anything about username. I am trying to figure out what makes Okta determine whether the user should enter the email address or the LDAP user ID when they log in to Okta.
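As an added illustration of the two-step flow described in the answer above (this is a constructed model, not Okta's code or configuration), the identifier the user types is first resolved to a directory record, and the password is then verified by binding with that record's linked LDAP DN. The `match_attrs` parameter, the user record and the LDAP backend are assumptions for this example, not Okta settings; they show that whether a bare UID is accepted at the login prompt is decided by the lookup step, not by the LDAP password check.

```python
# Constructed model of delegated authentication: resolve the typed identifier to a
# directory record, then check the password by binding with that record's LDAP DN.
# Nothing here is Okta's code; data and attribute names are made up for the example.
from dataclasses import dataclass


@dataclass(frozen=True)
class UdUser:
    login: str      # Okta username (email format, as in the thread)
    ldap_uid: str   # LDAP UID imported as a profile attribute
    dn: str         # distinguished name of the linked LDAP account


# Constructed "Universal Directory" holding one imported user.
UD = [UdUser("email@example.com", "email", "uid=email,ou=people,dc=abc,dc=com")]

# Constructed LDAP backend (DN -> password), standing in for a real simple bind.
LDAP_PASSWORDS = {"uid=email,ou=people,dc=abc,dc=com": "correct horse"}


def ldap_bind(dn: str, password: str) -> bool:
    """Simulated simple bind: succeeds only if the DN exists and the password matches."""
    return LDAP_PASSWORDS.get(dn) == password


def resolve_user(identifier: str, match_attrs=("login",)):
    """Return the UD record whose listed attributes equal the typed identifier.

    match_attrs (an assumption for this model) controls which identifiers the
    login prompt accepts: only the login, or the login and the LDAP UID.
    """
    for user in UD:
        if any(getattr(user, attr) == identifier for attr in match_attrs):
            return user
    return None


def delegated_login(identifier: str, password: str, match_attrs=("login",)) -> bool:
    """Full flow: resolve the user first, then verify the password against LDAP."""
    user = resolve_user(identifier, match_attrs)
    if user is None:
        return False
    # The password is checked against the linked LDAP account's DN, never against
    # the identifier the user typed, so any identifier that resolves works equally.
    return ldap_bind(user.dn, password)
```

Running `delegated_login("email", ...)` succeeds only when `ldap_uid` is in `match_attrs`, which is where a practitioner would look when tightening which identifiers are accepted.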