Portkey provides LDAP integration support for enterprises through industry-standard identity provider bridges. This approach enables organizations to maintain their existing LDAP infrastructure while benefiting from modern cloud-native authentication protocols.

Overview

Rather than implementing native LDAP support, Portkey leverages proven bridge solutions from leading identity providers. This strategy offers:

  • Enhanced Security: Modern token-based authentication with MFA support
  • Improved Scalability: Cloud-native architecture without on-premises limitations
  • Reduced Complexity: Leverage specialized identity provider expertise
  • Future-Ready: Seamless path to modern protocols

How LDAP Bridging Works

LDAP bridge solutions translate between your existing LDAP directory and Portkey’s modern authentication protocols (SAML, OIDC, SCIM).

Architecture Overview

The bridge maintains synchronization between your LDAP directory and the identity provider, enabling:

  • User Authentication: LDAP credentials validated through SAML/OIDC
  • User Provisioning: Directory changes synchronized via SCIM
  • Group Management: LDAP groups mapped to Portkey workspaces
  • Attribute Mapping: Custom LDAP attributes preserved

Supported Identity Providers

Alternative Solutions

  • OneLogin Virtual LDAP: Cloud-based LDAP service
  • Auth0 AD/LDAP Connector: Developer-friendly integration
  • Keycloak: Open-source option with enterprise features
  • JumpCloud: Directory-as-a-Service with LDAP support

Azure AD Setup

Requires Azure AD Connect installed on-premises with connectivity to your domain controllers.

1. Install Azure AD Connect

  # Download from Microsoft
  # Run installer with admin privileges

2. Configure Synchronization

3. Enable Portkey SSO

  • Navigate to Azure Portal > Enterprise Applications
  • Add new application > Non-gallery application

4. Configure SCIM Provisioning

Okta Setup

Using Okta LDAP Agent

1. Download and Install Agent

  • Access Okta Admin Console
  • Navigate to Directory > Directory Integrations
  • Add LDAP Directory > Download Agent
  • Install on server with LDAP connectivity

2. Configure LDAP Connection

LDAP Host: ldap.company.com
LDAP Port: 389 (or 636 for LDAPS)
Bind DN: cn=okta-service,ou=services,dc=company,dc=com
Base DN: dc=company,dc=com

3. Set Up Portkey Integration

  • Create SAML application following SSO guide
  • Enable SCIM provisioning per SCIM guide
  • Configure attribute mappings

Using Okta LDAP Interface

1. Enable LDAP Interface

  • Okta Admin > Directory > LDAP Interface
  • Generate LDAP credentials
  • Note the LDAP endpoint URL

2. Configure Applications

  • Point LDAP applications to Okta endpoint
  • Use generated credentials for binding
  • Test authentication flow

Attribute Mapping

Ensure critical LDAP attributes map correctly:

LDAP Attribute       SCIM Attribute     Portkey Field
-------------------  -----------------  -------------
uid/sAMAccountName   userName           username
mail                 emails[primary]    email
givenName            name.givenName     firstName
sn                   name.familyName    lastName
memberOf             groups             workspaces
title                title              jobTitle

Custom LDAP attributes can be mapped through extended schema support in most identity providers.
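The attribute mapping above, written out as an added example (not Portkey's or any identity provider's own code). The sample entry is constructed, and two choices are assumptions of this sketch: only memberOf values under a configured group base DN are mapped, and the group DN is used as the SCIM group value.

```python
import re

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
# Constructed sample entry (LDAP attribute values are lists).
SAMPLE_ENTRY = {
    "sAMAccountName": ["jdoe"], "mail": ["jdoe@company.com"],
    "givenName": ["Jane"], "sn": ["Doe"], "title": ["SRE"],
    "memberOf": ["cn=Ops\\, EU,ou=groups,dc=company,dc=com",
                 "cn=admins,ou=groups,dc=other,dc=example"],
}

def _first(entry, *names):
    """First value of the first attribute that is present and non-empty."""
    for name in names:
        if entry.get(name):
            return entry[name][0]
    return None

def group_cn(dn, group_base):
    """CN of a group DN, or None when the DN is not under group_base."""
    # Split on unescaped commas only, so "cn=Ops\, EU" stays one RDN.
    rdns = [r.lstrip() for r in re.findall(r"(?:\\.|[^,\\])+", dn)]
    base = [r.strip().lower() for r in group_base.split(",")]
    if len(rdns) <= len(base) or [r.lower() for r in rdns[-len(base):]] != base:
        return None
    key, _, value = rdns[0].partition("=")
    if key.strip().lower() != "cn":
        return None
    # Undo RFC 4514 backslash escapes of special characters; hex pairs stay as written.
    return re.sub(r'\\(["+,;<>\\ #=])', r"\1", value)

def ldap_to_scim(entry, group_base):
    """Map one LDAP entry to a SCIM User using the page's attribute table."""
    user_name = _first(entry, "uid", "sAMAccountName")
    mail = _first(entry, "mail")
    if not user_name or not mail:  # fail closed on entries that cannot be identified
        raise ValueError("entry lacks uid/sAMAccountName or mail")
    groups = [{"display": cn, "value": dn}
              for dn in entry.get("memberOf", [])
              if (cn := group_cn(dn, group_base)) is not None]
    name = {"givenName": _first(entry, "givenName"), "familyName": _first(entry, "sn")}
    user = {"schemas": [SCIM_USER_SCHEMA], "userName": user_name,
            "emails": [{"value": mail, "primary": True}],
            "name": {k: v for k, v in name.items() if v}, "groups": groups}
    if _first(entry, "title"):
        user["title"] = _first(entry, "title")
    return user

if __name__ == "__main__":
    print(ldap_to_scim(SAMPLE_ENTRY, "ou=groups,dc=company,dc=com"))
```

Because memberOf ends up deciding workspace membership, the sketch drops any group DN outside the configured base instead of passing it through.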

Troubleshooting

Best Practices

High Availability

  • Deploy multiple bridge instances
  • Configure load balancing
  • Implement health monitoring

Security Hardening

  • Always use LDAPS (LDAP over SSL)
  • Implement service account restrictions
  • Enable audit logging

Performance Optimization

  • Cache frequently accessed data
  • Implement connection pooling
  • Monitor query performance

Frequently Asked Questions

Support

For assistance with LDAP integration:


Enterprise customers can request a guided migration workshop. Our solution architects will help design and implement your LDAP bridge strategy.