Portkey provides LDAP integration support for enterprises through industry-standard identity provider bridges. This approach enables organizations to maintain their existing LDAP infrastructure while benefiting from modern cloud-native authentication protocols.

Overview

Rather than implementing native LDAP support, Portkey leverages proven bridge solutions from leading identity providers. This strategy offers:
  • Enhanced Security: Modern token-based authentication with MFA support
  • Improved Scalability: Cloud-native architecture without on-premises limitations
  • Reduced Complexity: Leverage specialized identity provider expertise
  • Future-Ready: Seamless path to modern protocols

How LDAP Bridging Works

LDAP bridge solutions translate between your existing LDAP directory and Portkey’s modern authentication protocols (SAML, OIDC, SCIM).

Architecture Overview

The bridge maintains synchronization between your LDAP directory and the identity provider, enabling:
  • User Authentication: LDAP credentials validated through SAML/OIDC
  • User Provisioning: Directory changes synchronized via SCIM
  • Group Management: LDAP groups mapped to Portkey workspaces
  • Attribute Mapping: Custom LDAP attributes preserved

Supported Identity Providers

Azure AD Connect

Microsoft’s solution for organizations using Active Directory.

  • Synchronizes on-premises AD to Azure AD
  • Supports password hash sync or pass-through authentication
  • Enables SAML, OIDC, and SCIM for cloud applications
  • Free tier available, Premium features $6-9/user/month


Best For: Organizations already using Microsoft 365 or Azure services

Okta LDAP Agent

On-premises agent connects to your LDAP directory.

  • No credential replication to cloud
  • Real-time authentication against LDAP


Best For: Organizations with on-premises AD

Okta LDAP Interface

Cloud-based LDAP endpoint.

  • No on-premises infrastructure required
  • Simplified management


Best For: Organizations with on-premises AD

Alternative Solutions

  • OneLogin Virtual LDAP: Cloud-based LDAP service
  • Auth0 AD/LDAP Connector: Developer-friendly integration
  • Keycloak: Open-source option with enterprise features
  • JumpCloud: Directory-as-a-Service with LDAP support

Azure AD Setup

Requires Azure AD Connect installed on-premises with connectivity to your domain controllers.
Step 1: Install Azure AD Connect

  # Download from Microsoft
  # Run installer with admin privileges
Step 2: Configure Synchronization

  • Password Hash Sync (recommended)
  • Pass-through Authentication
  • Federation (advanced)
  • Select OUs to synchronize
  • Configure attribute filtering
Step 3: Enable Portkey SSO

  • Navigate to Azure Portal > Enterprise Applications
  • Add new application > Non-gallery application
  • Entity ID: get from Portkey Control Plane.
  • Reply URL: get from Portkey Control Plane.
  • Sign-on URL: https://app.portkey.ai
Step 4: Configure SCIM Provisioning

  • In application settings, go to Provisioning
  • Set mode to Automatic
  • Configure with Portkey SCIM endpoint and token

SSO Documentation

SCIM Documentation

Okta Setup

Using Okta LDAP Agent

Step 1: Download and Install Agent

  • Access Okta Admin Console
  • Navigate to Directory > Directory Integrations
  • Add LDAP Directory > Download Agent
  • Install on server with LDAP connectivity
Step 2: Configure LDAP Connection

LDAP Host: ldap.company.com
LDAP Port: 389 (or 636 for LDAPS)
Bind DN: cn=okta-service,ou=services,dc=company,dc=com
Base DN: dc=company,dc=com
Step 3: Set Up Portkey Integration

  • Create SAML application following SSO guide
  • Enable SCIM provisioning per SCIM guide
  • Configure attribute mappings

Using Okta LDAP Interface

Step 1: Enable LDAP Interface

  • Okta Admin > Directory > LDAP Interface
  • Generate LDAP credentials
  • Note the LDAP endpoint URL
Step 2: Configure Applications

  • Point LDAP applications to Okta endpoint
  • Use generated credentials for binding
  • Test authentication flow

Attribute Mapping

Ensure critical LDAP attributes map correctly:
LDAP Attribute        SCIM Attribute     Portkey Field
uid / sAMAccountName  userName           username
mail                  emails[primary]    email
givenName             name.givenName     firstName
sn                    name.familyName    lastName
memberOf              groups             workspaces
title                 title              jobTitle

Custom LDAP attributes can be mapped through extended schema support in most identity providers.
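To make the mapping table concrete, here is an added example (not Portkey's or any identity provider's code) that turns one LDAP entry into a SCIM 2.0 User resource following the table, and refuses entries that would produce an empty userName or email, which is the "attribute mapping conflicts" failure mode described under Troubleshooting. It assumes entries arrive as attribute-to-list-of-values dicts and that the workspace name is the CN of each memberOf group DN; the sample entry is constructed.

```python
# Added example, not Portkey's or any IdP's code. Assumes LDAP entries arrive
# as attribute -> list-of-values dicts (the shape ldap3/python-ldap return).
from typing import Any

# LDAP attribute -> SCIM path, taken from the mapping table on this page.
SIMPLE_MAP = {
    "givenName": ("name", "givenName"),
    "sn": ("name", "familyName"),
    "title": ("title",),
}

def cn_of(dn: str) -> str:
    """CN of a group DN such as 'cn=sec-ops,ou=groups,dc=company,dc=com'."""
    key, _, value = dn.split(",", 1)[0].partition("=")
    if key.strip().lower() != "cn" or not value.strip():
        raise ValueError(f"group DN without leading CN: {dn!r}")
    return value.strip()

def ldap_to_scim_user(entry: dict[str, list[str]]) -> dict[str, Any]:
    """Map one LDAP entry to a SCIM 2.0 User; fail loudly on mapping gaps."""
    # uid (OpenLDAP) or sAMAccountName (Active Directory) supplies userName.
    login = entry.get("uid") or entry.get("sAMAccountName")
    if not login:
        raise ValueError("neither uid nor sAMAccountName present; userName empty")
    mails = entry.get("mail") or []
    if not mails:
        raise ValueError(f"{login[0]}: no mail attribute for emails[primary]")
    user: dict[str, Any] = {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": login[0],
        "emails": [{"value": mails[0], "primary": True}],
        # memberOf -> groups; Portkey maps these to workspaces (see table).
        "groups": [{"display": cn_of(dn)} for dn in entry.get("memberOf", [])],
    }
    for ldap_attr, path in SIMPLE_MAP.items():
        values = entry.get(ldap_attr)
        if not values:
            continue  # optional attribute: leave the SCIM field unset
        target = user
        for key in path[:-1]:
            target = target.setdefault(key, {})
        target[path[-1]] = values[0]
    return user

# Constructed sample entry, not real directory data.
SAMPLE_ENTRY = {
    "sAMAccountName": ["jdoe"], "mail": ["jdoe@company.com"],
    "givenName": ["Jane"], "sn": ["Doe"], "title": ["Security Engineer"],
    "memberOf": ["cn=ml-platform,ou=groups,dc=company,dc=com",
                 "cn=sec-ops,ou=groups,dc=company,dc=com"],
}
```

Run it against a dump of your own directory export before enabling automatic provisioning; every ValueError it raises is an account that SCIM would reject or create incorrectly.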

Troubleshooting

Symptom: Users cannot log in despite correct credentials
Causes:
  • Certificate validation errors
  • Time synchronization issues
  • Incorrect attribute mapping
Solution:
  • Verify SSL certificates are trusted
  • Ensure NTP synchronization
  • Check authentication logs in identity provider

Symptom: Users not appearing in Portkey or incorrect attributes
Causes:
  • SCIM endpoint connectivity issues
  • Attribute mapping conflicts
  • Insufficient permissions
Solution:
  • Test SCIM endpoint with bearer token
  • Review attribute mapping configuration
  • Verify service account permissions

Symptom: Slow authentication or provisioning
Causes:
  • Unindexed LDAP queries
  • Network latency
  • Large group memberships
Solution:
  • Add indexes for commonly queried attributes
  • Deploy bridge closer to LDAP servers
  • Implement group filtering

Best Practices

High Availability

  • Deploy multiple bridge instances
  • Configure load balancing
  • Implement health monitoring

Security Hardening

  • Use LDAPS (LDAP over SSL/TLS) always
  • Implement service account restrictions
  • Enable audit logging

Performance Optimization

  • Cache frequently accessed data
  • Implement connection pooling
  • Monitor query performance

Frequently Asked Questions

Modern cloud architectures benefit from stateless, token-based protocols. LDAP’s stateful binary protocol creates security and scalability challenges in cloud environments. Industry leaders like Slack, Salesforce, and others follow the same approach.

While identity provider licenses add cost, most organizations see overall savings through:
  • Reduced infrastructure maintenance
  • Improved security posture
  • Decreased administrative overhead
  • Better user experience

Typical enterprise migrations complete in 3-6 months:
  • Small organizations (<1,000 users): 4-8 weeks
  • Medium organizations (1,000-10,000): 2-4 months
  • Large enterprises (10,000+): 4-6 months

Yes, bridge solutions maintain your existing LDAP infrastructure. Other applications continue working unchanged while Portkey uses modern protocols.

Support

For assistance with LDAP integration:
Enterprise customers can request a guided migration workshop. Our solution architects will help design and implement your LDAP bridge strategy.
Last modified on January 28, 2026