
r2wib (r2wib) asked a question.
Hi Members,
I need your assistance in disabling MFA for LDAP Interface.
We have an Application which does NOT support SAML; however, we can connect the App to Okta via LDAP Interface for Authentication. We wanted to integrate this App in Okta as SWA type, so that the User can experience SSO to that app with the same Okta credentials.
The problem here is - LDAP Interface is expecting an MFA OTP with the Password, only then Authentication is successful, but this beats all our purpose of SSO. Users cannot access the SWA app with an existing Okta session. Has anyone in the past implemented any workaround to bypass MFA for LDAP interface? Or any other way to disable MFA here?
This is actually strange as we cannot even assign a separate Auth/Sign On policy for LDAP interface. Kindly let me know if anyone has any workaround for this; any help is much appreciated.
Thank you.

Hello Sandeep,
Please see the article below:
https://support.okta.com/help/s/question/0D51Y00008cicswSAA/how-to-disable-mfa-for-ldap-interface
😳 You are redirecting to the same article.
However, I got some assistance from the support team. A temporary solution is to identify all the IPs hitting that LDAP interface and configure an exclude rule in the MFA policy. This works if IPs from your SWA app are static.
The second approach is to configure an Okta Org2Org tenant, sync all your Users (configure provisioning from old to new) and enable LDAP Interface in the new tenant. Make sure there are no MFA policies configured for the new tenant. Now, use the new Okta tenant as LDAP Server. This is NOT a straightforward approach, but can be a workaround if really needed.