Does OKTA support import of a user from OKTA to the LDAP (integrated with it)?
We are doing a POC for OKTA and recently added the LDAP agent to OKTA and did an import of the users from LDAP. What we were wondering was whether OKTA supports addition of users from its UI, with that automatically integrating with our LDAP in the back end. A particular use case can be: we added a new user to OKTA and then in turn that person, using his/her email, gets access to OKTA. After that, can we use OKTA to add that person to our LDAP directory in the back end? That way we can use OKTA as one single place to add people and give access to our custom applications, resources, etc. Also, once I add that person I can put him in any group in LDAP as well and then proceed from there.
What I researched and found out is that currently OKTA doesn't support that (I have raised a case for the same - https://support.okta.com/help/Case_Detail?id=500F000000l82HDIAY). Also, on this page (https://support.okta.com/help/articles/Knowledge_Article/Introducing-LDAP-Imports) it was mentioned that right now writing to LDAP is a part of Future Enhancement. I wanted to bring this topic to the attention of the community and would like to ask your opinion on the same. Also, if you can point out some possible workaround for this, that would be great as well.
As you mentioned, the write to LDAP feature is a future enhancement. We’re targeting this year (exact timeframe is TBD). Other customers who needed to write to LDAP have written a custom connector with our On-Premises Provisioning (OPP product). However, that requires development time. We recommend waiting for the upgraded LDAP capabilities to support this.
We discovered that Okta's LDAP agent didn't write to LDAP and it definitely ruined our day. Originally when we asked about LDAP integration, we were shown all the Active Directory agent functionality. We are very much looking forward to this feature enhancement.
Hello. Any update on the LDAP agent being able to provision an account in LDAP? The scenario I'm looking for is the ability to create a group in Okta and add an LDAP directory to it. Any user who then becomes a member of the group would get an account provisioned in LDAP. I believe this scenario can be realized today, but with AD, where a provisioning group can be created and AD added to it, and the AD agent will provision to AD.