LDAP with OKTA


Only available from Faraday v3.10 onwards


First of all, navigate to:

https://www.okta.com/



Click on Try Okta and Sign Up:



Remember your user and work domain, as in user@workdomain.com.


Okta will send you an e-mail with the URL and your temporary password; use those to log in to Okta.


Go to Directory Integrations (https://<domain>.okta.com/admin/people/directories) under your Okta URL.


Then click Add LDAP Interface.



Now open /home/faraday/.faraday/config/server.ini with Vim or Nano and add the following lines to it (remember to replace each <domain> placeholder):


[ldap]
enabled = true
server = <domain>.ldap.okta.com
domain_dn = OU=users, DC=<domain>, DC=okta, DC=com
domain = <domain>.okta.com
admin_group = fadmin
pentester_group = fpentester
client_group = fclient
use_ldaps = true
use_start_tls = false
port = 636
disconnect_timeout = 2.0
use_local_roles = true
default_local_role = admin
bind_format = DN
bind_dn = dc=<domain>,dc=okta,dc=com


Now, restart Faraday Server with $ systemctl restart faraday-server


Log in to Faraday with the user and password you used to log in to Okta.

(Remember you can only access as an Admin user and you can't create more users).
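
A check for the [ldap] section above that can be run before restarting Faraday Server, added here as an example (it is not part of Faraday or of the original article). The function name, the sample domain "acme" and the reading of use_local_roles / default_local_role are assumptions.

```python
import configparser
import re

# Constructed sample: the page's keys with a made-up Okta domain "acme",
# one placeholder left in and one mistyped domain, to show what gets reported.
SAMPLE = """
[ldap]
server = acme.ldap.okta.com
domain_dn = OU=users, DC=<domain>, DC=okta, DC=com
domain = acme.okta.com
use_ldaps = true
use_start_tls = false
port = 636
use_local_roles = true
default_local_role = admin
bind_dn = dc=acmee,dc=okta,dc=com
"""

DN = r".*dc=([\w-]+)\s*,\s*dc=okta\s*,\s*dc=com"  # captures the Okta domain in a DN
PATTERNS = {"server": r"([\w-]+)\.ldap\.okta\.com", "domain": r"([\w-]+)\.okta\.com",
            "domain_dn": DN, "bind_dn": DN}

def check_ldap_section(ini_text):
    """Return a list of findings for the [ldap] section (empty list: nothing found)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    if not cp.has_section("ldap"):
        return ["missing [ldap] section"]
    ldap = cp["ldap"]
    findings = [f"{k}: placeholder not replaced" for k, v in ldap.items() if "<" in v]
    hits = (re.fullmatch(p, ldap.get(k, ""), re.I) for k, p in PATTERNS.items())
    labels = {m.group(1).lower() for m in hits if m}
    if len(labels) > 1:
        findings.append(f"Okta domain differs between fields: {sorted(labels)}")
    ldaps = ldap.getboolean("use_ldaps", fallback=False)
    starttls = ldap.getboolean("use_start_tls", fallback=False)
    if ldaps and starttls:
        findings.append("use_ldaps and use_start_tls are both true; choose one")
    if not ldaps and not starttls:
        findings.append("no TLS: the bind password would cross the network in cleartext")
    if ldaps and ldap.get("port", "") != "636":
        findings.append("use_ldaps is true but port is not 636")
    # Assumed meaning of the two role keys: Okta logins get default_local_role.
    role = ldap.get("default_local_role", "").lower()
    if ldap.getboolean("use_local_roles", fallback=False) and role == "admin":
        findings.append("note: LDAP logins default to admin; limit who can sign in via Okta")
    return findings

if __name__ == "__main__":
    print("\n".join(check_ldap_section(SAMPLE)))
```

To check the real file, pass the contents of /home/faraday/.faraday/config/server.ini to check_ldap_section instead of SAMPLE.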


