Tutorial: Integrate Okta with Access Server via LDAP

Abstract

Configuring Okta to integrate with Access Server can be done with LDAP. This requires requesting that the LDAP Interface feature be added to your Okta account.

Overview

The following pieces will make up the LDAP integration between Okta and Access Server:

  • An active LDAP Interface in your Okta directory integrations.

  • An Okta Read-Only admin account as your bind user.

  • Defining the configuration for the bind in Access Server.

[Image: integrate-okta-ldap.jpg]

Prerequisites

  • An installed Access Server.

  • An Okta directory.

Create the Okta Read-Only admin bind user

  1. Sign in to the Okta Admin Console with Super admin privileges.

  2. Click Directory > People.

  3. Click Add Person and enter a username to distinguish them as the LDAP bind user.

  4. After activating the user, click Security > Administrators.

  5. Click Add Administrator and type your new user's name in the Grant administrator role to field.

  6. Click Read Only Administrator.

  7. Click Add Administrator.

Add the LDAP Interface in Okta

  1. Sign in to the Okta Admin Console with Super admin privileges.

  2. Click Directory > Directory Integrations.

  3. Click Add LDAP Interface.

    Tip

    If this isn't an option, you must request it from Okta Support.

  4. From the LDAP Interface page, you'll find most of the settings necessary for the configuration in Access Server.

    [Image: integrate-okta-LDAP-DN.jpg]

Configure the LDAP bind in Access Server

  1. Sign in to your Admin Web UI.

  2. Click Authentication.

    • The General Settings tab displays.

  3. Click the LDAP tab.

  4. Set Enable LDAP authentication to Enabled.

  5. Fill out the LDAP settings:

    Connect to LDAP servers with SSL: On

    Primary server (Host Name): <org_subdomain>.ldap.okta.com

    Authenticate with username/password for initial bind: On

    Bind DN username: the username of your Okta bind user.

    Password: the bind user's Okta password.

    Base DN for user entries: OU=Users, DC=<org_subdomain>, DC=okta, DC=com

    Username Attribute: uid

    LDAP filter: optional additional parameters, for example to restrict authentication to members of a specific group: memberOf=CN=<group>, OU=groups, DC=<org_subdomain>, DC=okta, DC=com

  6. Click Save and Restart.
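Before relying on the LDAP filter to gate VPN access, it helps to check what the combined user search actually matches. The following is an added example, not code from OpenVPN or Okta: it builds the search from the Username Attribute and LDAP filter settings above (assuming Access Server AND-s the two and wraps a bare filter in parentheses), escapes the login per RFC 4515, and applies the result to constructed directory entries. The org name "example", the group "vpn-users" and the entries are placeholders.

```python
import re

# Constructed placeholders standing in for the tutorial's <org_subdomain> and <group>.
BASE_DN = "OU=Users,DC=example,DC=okta,DC=com"
GROUP_FILTER = "memberOf=CN=vpn-users, OU=groups, DC=example, DC=okta, DC=com"
# Constructed entries imitating a search under BASE_DN: alice is in the group, bob is not.
DIRECTORY = [
    {"dn": f"uid=alice,{BASE_DN}", "uid": ["alice"],
     "memberOf": ["CN=vpn-users,OU=groups,DC=example,DC=okta,DC=com"]},
    {"dn": f"uid=bob,{BASE_DN}", "uid": ["bob"], "memberOf": []},
]
CLAUSE = re.compile(r"\(([^=()&|!]+)=([^()]*)\)")

def escape_filter_value(value):
    """RFC 4515 escaping so a login like 'alice)(uid=*' cannot widen the search."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_search_filter(username, username_attr="uid", extra_filter=""):
    """Combine the Username Attribute match with the optional LDAP filter setting
    (assumed to be AND-ed, and wrapped in parentheses if the admin omitted them)."""
    user_clause = f"({username_attr}={escape_filter_value(username)})"
    extra = extra_filter.strip()
    if not extra:
        return user_clause
    if not extra.startswith("("):
        extra = f"({extra})"
    return f"(&{user_clause}{extra})"

def normalize_dn(dn):
    """Compare DNs the way distinguishedNameMatch does: case- and whitespace-insensitive."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def matching_entries(search_filter, entries=DIRECTORY):
    """Apply an AND-of-equality filter (the shape build_search_filter emits) to entries
    and return the DNs that would proceed to the password bind."""
    clauses = CLAUSE.findall(search_filter)
    hits = []
    for entry in entries:
        for attr, want in clauses:
            values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
            if attr.lower() == "memberof":
                ok = normalize_dn(want) in {normalize_dn(v) for v in values}
            else:
                ok = want.lower() in {v.lower() for v in values}
            if not ok:
                break
        else:
            hits.append(entry["dn"])
    return hits
```

With GROUP_FILTER applied only alice matches; without it bob matches too, and a login containing filter metacharacters matches nothing because it is escaped rather than interpreted.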