Enable the LDAP Interface

When you enable the LDAP Interface, the connection values you use to reach it are displayed. Click View Logs to view LDAP Interface events in the System Log; these events help you troubleshoot connection issues.

The LDAP Interface is Active by default. You can set it to Inactive by selecting Deactivate from the dropdown menu and then clicking Deactivate application in the dialog that opens.

Super admin permissions are required to complete this procedure.

  1. In the Admin Console, go to Directory > Directory Integrations.
  2. If you don't have any directory integrations configured, click Add LDAP Interface. Otherwise, click Add Directory > Add LDAP Interface.
  3. Under Groups, choose which groups the LDAP Interface returns in memberOf query results. Each setting exposes the following:
    • Okta groups: Only groups created directly in Okta are visible.
    • App groups: Only groups pushed or imported from connected apps are visible.
    • Okta groups and app groups: All groups are visible regardless of their source.
  4. Under Access token security, set the Time before token rotation. This value is the maximum age of a pooled LDAP connection before it must be re-established. Choose a unit of time (Minutes, Hours, or Days) from the dropdown list. The value must be at least one minute and at most 90 days.
  5. Click Save.
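After saving, a practical check is to query the LDAP Interface for a test user and confirm that the memberOf values match the Groups setting you chose (for example, that app groups disappear when only Okta groups is selected). The following script is an added example and is not part of this documentation or of Okta's own tooling. The hostname, base DN, bind DN and user are placeholders that you replace with the connection values displayed on the LDAP Interface page; the LDIF sample is constructed so that the parsing part runs offline.

```shell
#!/bin/sh
# Added example (not Okta documentation): verify memberOf results returned by
# the LDAP Interface after changing the Groups setting.
# All connection values below are ASSUMED placeholders; substitute the values
# shown on the LDAP Interface page in the Admin Console.

LDAP_HOST="${LDAP_HOST:-ldaps://EXAMPLE-ORG.ldap.okta.com}"      # placeholder
BASE_DN="${BASE_DN:-dc=EXAMPLE-ORG,dc=okta,dc=com}"              # placeholder
BIND_DN="${BIND_DN:-uid=admin@example.com,ou=users,${BASE_DN}}"  # placeholder
USER_UID="${USER_UID:-alice@example.com}"                          # placeholder

# Query the LDAP Interface for one user's memberOf attribute.
# Uses ldapsearch from OpenLDAP; prompts for the bind password (-W) so it
# never lands in shell history. Needs network access, so the offline check
# below does not call it.
query_memberof() {
  ldapsearch -LLL -H "$LDAP_HOST" -D "$BIND_DN" -W \
    -b "ou=users,$BASE_DN" "(uid=$1)" memberOf
}

# Read LDIF on stdin and print one memberOf DN per line.
# LDIF folds long values onto continuation lines that start with a single
# space (RFC 2849), so lines are unfolded before the attribute is extracted;
# a naive grep would truncate long group DNs.
extract_memberof() {
  awk '
    function emit(line) {
      if (line ~ /^memberOf: /) { sub(/^memberOf: /, "", line); print line }
    }
    /^ / { buf = buf substr($0, 2); next }      # continuation: join to previous line
    { if (buf != "") emit(buf); buf = $0 }       # new logical line
    END { if (buf != "") emit(buf) }
  '
}

# Count memberOf values in LDIF text passed as the first argument.
count_memberof() {
  printf '%s\n' "$1" | extract_memberof | awk 'END { print NR }'
}

# Constructed sample output, in the shape ldapsearch -LLL prints, including one
# folded memberOf value. Group names and DNs are made up for this example.
SAMPLE_LDIF='dn: uid=alice@example.com,ou=users,dc=EXAMPLE-ORG,dc=okta,dc=com
memberOf: cn=Everyone,ou=groups,dc=EXAMPLE-ORG,dc=okta,dc=com
memberOf: cn=Engineering,ou=groups,dc=EXAMPLE-ORG,dc=okta,dc=com
memberOf: cn=Very Long Application Group Name,ou=groups,dc=EXAMPLE-ORG,dc=ok
 ta,dc=com
'

# Live use: query_memberof "$USER_UID" | extract_memberof
# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_LDIF" | extract_memberof
echo "groups returned: $(count_memberof "$SAMPLE_LDIF")"
```

Run the live query once under each Groups setting and compare the printed DN lists: with Okta groups selected, groups that originate from connected apps should no longer appear, and with App groups selected, groups created directly in Okta should be absent. Any difference from what you expect is worth checking against the LDAP Interface events under View Logs before clients depend on the result.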

Related topics

Set up and manage the LDAP Interface