diff --git a/pkg/credentials/sts_ldap_identity.go b/pkg/credentials/sts_ldap_identity.go
index 31fe10ae0..79ec675a8 100644
--- a/pkg/credentials/sts_ldap_identity.go
+++ b/pkg/credentials/sts_ldap_identity.go
@@ -76,6 +76,10 @@ type LDAPIdentity struct {
 
 // Optional, used for token revokation
 TokenRevokeType string
+
+ // Optional, the LDAP configuration name to use for the LDAP identity
+ // provider.
+ LDAPTargetName string
 }
 
 // NewLDAPIdentity returns new credentials object that uses LDAP
@@ -110,6 +114,22 @@ func LDAPIdentityExpiryOpt(d time.Duration) LDAPIdentityOpt {
 }
 }
 
+// LDAPIdentityTokenRevokeTypeOpt sets the token revokation type for requested
+// credentials.
+func LDAPIdentityTokenRevokeTypeOpt(tokenRevokeType string) LDAPIdentityOpt {
+ return func(k *LDAPIdentity) {
+ k.TokenRevokeType = tokenRevokeType
+ }
+}
+
+// LDAPIdentityTargetNameOpt sets the LDAP configuration name for requested
+// credentials.
+func LDAPIdentityTargetNameOpt(targetName string) LDAPIdentityOpt {
+ return func(k *LDAPIdentity) {
+ k.LDAPTargetName = targetName
+ }
+}
+
 // NewLDAPIdentityWithSessionPolicy returns new credentials object that uses
 // LDAP Identity with a specified session policy. The `policy` parameter must be
 // a JSON string specifying the policy document.
@@ -158,6 +178,9 @@ func (k *LDAPIdentity) RetrieveWithCredContext(cc *CredContext) (value Value, er
 if k.TokenRevokeType != "" {
 v.Set("TokenRevokeType", k.TokenRevokeType)
 }
+ if k.LDAPTargetName != "" {
+ v.Set("LDAPTargetName", k.LDAPTargetName)
+ }
 
 req, err := http.NewRequest(http.MethodPost, u.String(), strings.NewReader(v.Encode()))
 if err != nil {
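Review bot: The new field comment on `LDAPTargetName` does not say what an empty value means or where the name is resolved. The RetrieveWithCredContext hunk further down only sends the value when it is non-empty, so I would write `// Optional, name of the LDAP configuration the STS endpoint should authenticate against; left out of the request when empty.` The struct begins above this hunk, so whether the other fields document their empty-value behaviour the same way is not visible here.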
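Review bot: Both new doc comments are thin for exported options that steer authentication: the one on `LDAPIdentityTokenRevokeTypeOpt` repeats the misspelling `revokation`, and neither names the accepted values or says that an empty string leaves the parameter out of the request. Suggest `// LDAPIdentityTokenRevokeTypeOpt sets the token revocation type for requested` as the first line. On `LDAPIdentityTargetNameOpt`, add a sentence that the target name should come from trusted configuration rather than end-user input, since it presumably decides which LDAP configuration validates the login.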
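Review bot: The added `if k.LDAPTargetName != ""` branch sends the name, but nothing on the client side confirms that the server honoured it. If an STS endpoint that predates this parameter ignores unknown form fields (not visible here, to be confirmed), the caller would receive credentials issued through the default LDAP configuration without any error. A why-comment such as `// Sent only when set; a server that does not know LDAPTargetName may ignore it and use its default LDAP configuration.` would make that explicit. RetrieveWithCredContext starts and ends outside this hunk.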