In this video, Marcus Hartwig provides an in-depth overview of a new method for connecting to an existing user store within Okta.
 

• Okta can be interfaced with using LDAP calls and queries.
• No need to store users in an external LDAP directory.
• Additional servers are not required, and the existing servers do not need to be exposed to the DMZ.
• Point to existing apps directly to Okta and authenticate users against Okta.
• MFA can be added to the LDAP authentication flows.
• LDAP3 compliant.

Best Practices

• Use AuthN for Apps that do not use wildcard searches and basic Auth.
• Use Okta's LDAP Agent for Apps that use wildcard searches.
• Even though the features support Open TLS on port 389, we recommend using LDAPS.

Troubleshooting Tips

• To avoid issues when configuring the LDAP Interface, ensure the UID Name is an Okta Username.
• To avoid issues with MFA, ensure users have been enrolled in PRE-LDAP.
• In some cases, there is no need to trust the Root CA used by Okta.