Download - OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

Transcript
Page 1: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

OrgWikiÒActiveDirectoryConfigurationGuideIntroductionThisguideprovidesinstructionsforconfiguringOktawithOrgWikitoallowauthenticationandprovisioningtobedrivingbyyourexistingActiveDirectoryinfrastructure.ThisguideisintendedforcustomerswhosignedupforOktathroughOrgWiki.ExistingcustomersofOktashouldrefertotheOktaConfigurationGuideTheActiveDirectoryintegrationinvolvesthreemainsteps:

1. ConfiguretheintegrationbetweenOktaandOrgWiki-ThisallowsOktatohandleauthenticationforOrgWikiandtoprovideautomatedprovisioning.

2. SetupActiveDirectoryintegrationwithOkta–ConfiguretheOktaActiveDirectoryAgentwithyourADinstanceandsetupprovisioningrulestoenableautomatedprovisioningofADusersintoOrgWiki

3. Setuptheattributemappings–ThesearemappingsbetweenuserattributesinADandOktaandbetweenOktaandOrgWikitoensuretheappropriateADattributesareprovisionedtoOrgWiki

ConfigureIntegrationbetweenOktaandOrgWikiSignupforOrgWikiandOktaathttps://www.theorgwiki.com/embedded_okta.Thefieldsontheregistrationformwillbeusedto:

1. SignupforanewOktaaccount(includesthefirstadminuser)2. AddtheOrgWikiapptotheOktaaccount3. AssignthefirstadminusertotheOrgWikiapp4. SignupforanewOrgWikiaccount5. ConfigureOrgWikitouseOktaforsingle-signonviaSAML

AftertheabovestepshavebeencompletedyouwillbepromptedtologinviaOktaandthenredirectedtoOrgWiki.SetupActiveDirectoryintegrationwithOktaTosetupActiveDirectory,pleasefollowtheinstructionsonInstallingandConfiguringtheActiveDirectoryAgent.Oncethisiscompleted,userandemployeedatawillbeperiodicallysyncedfromADintotheOktadirectory.Oktarecommendsyouusegroupstotriggerauto-provisioning–onceADgroupsareimportedintoOktayouwillassociateuserswithOrgWikiviatheappropriategrouptotriggerauto-provisioning.

Page 2: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

CustomizeAD-OktaattributemappingAkeystepofAD-drivenprovisioninginvolvessettingupattributemappingsfromADintoOktaandthenfromOktatoOrgWiki.UsetheProfileEditortoreviewtheADtoOktamappingsTosetupmappings,intheOktaAdminDashboardyouneedtogotoDirectory->ProfileEditor.SelectyourActiveDirectoryinstanceandclickonMappingstoreviewthecurrentmappings.(Note–youshouldbelookingatthe[AD]toOktamappings.)Bydefault,theOrgWikiusernameissettotheOktausernamewhichdefaultstotheUPN(fromActiveDirectory)oftheuser.OrgWikirequirestheusernamevaluetobetheemailaddressoftheuser.Pleaseensureappuser.emailismappedtotheloginfield

SetupOktaprovisioningtoOrgWikiThefollowinguserattributescanbeprovisionedfromOktatoOrgWiki:DefaultOktaDirectoryattributes:

Attribute Required/Optional CommentsFirstName Required LastName Required Email Required Title Required ManagerID

(emailaddressorIDofmanager)Optional

-Usedforcreatingtheorgchart.-IfIDisuseditneedstomatchthemanager’sExternalId

StreetAddress Optional Setonprofilesandusedforaddingemployeestolocationgroupsandoffices.City Optional

State OptionalCountry OptionalOfficePhone Optional

Page 3: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

MobilePhone Optional Nickname Optional

UserType Optional Ifthevalueis“contractor”theemployeewillbemarkedasacontractorinOrgWiki.

Customattributes:

Attribute Required/Optional CommentsStartDate

(mustbeformattedYYYY-MM-DD) OptionalUsedforschedulingthenewhireannouncementandshowingthetenureofanemployeeontheirprofile.

OrgWikiExternalID Optional UniqueIDforemployeese.g.anemployeeID.

StartDateandOrgWikiExternalIDarecustomattributesthatcanbemappedtoOrgWiki.SeeAppendixAandBformoredetailedonaddingtheseattributes.

• FromtheProvisioningtaboftheOrgWikiapp,checktheEnableprovisioningfeaturesbox(seebelow).

Page 4: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

• IntheAPIAuthenticationsection,clickAuthenticatewithOrgWiki(seebelow).o Note:ThisuserwillbeusedtoprovisionusersintoOrgWiki.

• AmessagewillappearwithoptiontoallowOktatoconnecttoyourOrgWikiinstance.ClickAuthorize(seebelow).

Page 5: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

• NowyourOrgWikiappisauthenticated,scrolldowntheProvisioningpageandselecttheprovisioningfeaturesyouwanttoenable(seebelow).

• ClickNext.CustomizetheattributemappingfromOktatoOrgWikiToeditthemappingsbetweenOktaandOrgWiki,clicktheEditMappingsbuttonunderAttributeMappings,andselecttheOktatoOrgWikitabtoreviewthedefaultmappings.Note–topopulatethemanager’semailaddressintotheOrgWikiManagerIDfieldyoucanusethefollowingexpression:getManagerAppUser(“active_directory”,”active_directory”).email

FormoreinformationonOkta’sexpressionlanguageseehttp://developer.okta.com/reference/okta_expression_language/

Page 6: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

AssigninguserstoOrgWikiYoucannowassignuserstotheOrgWikiapp.Donotassignusersmanuallyifyouhavealargenumberofusers,asthisdoesnotscalewell.Instead,useagroupyou’vesynchronizedfromADorcreateagroupdirectlyinOktaforthepurposeofapplicationassignment.ToassignOrgWikitoaselectedgroup:

• InOkta,fromtheAdminDashboard,selectDirectory>Groups,andthenselectthegroupyouwanttoassignto.

• ClicktheManageAppsbuttontoassignappstothegroup(seebelow).

Page 7: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

• SearchfortheOrgWikiappandclickAssign,thenclickDone(seebelow).

Page 8: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

AppendixA. AddingStartDateAttribute

OrgWikihasaStartDateattributetotheuserprofile.Beforeaddingtheattribute,makesurethedateisformattedcorrectly(YYYY-MM-DD)forOrgWikiusage.Forexample,“2016-01-15”.FollowthestepsbelowtoaddtheStartDateuserattributetotheuserprofile:• InOkta,fromtheAdmindashboard,selectDirectory>ProfileEditor.• SelecttheAppssectionintheleftnavigationbar,thenfindtheOrgWikiappinthelist.• ClickProfilethenclickAddAttribute.

• Type“StartDate”fortheDisplaynamefield.• Type“startDate”fortheVariablenamefield.• ForDescription,type“Employee’sstartdatewiththecompany”.• SelectStringfortheDatatypefield.• YoumayleaveAttributerequiredunchecked.• LeaveScopeunchecked.• ClickAddAttribute.

B. AddingOrgWikiExternalIDAttribute

ThisOrgWikiExternalIDattributecanbeusedtoassociateauniqueIDwithOrgWikiprofiles.FollowthestepsbelowtoaddtheOrgWikiExternalIDuserattributetotheuserprofile:

Page 9: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

• InOkta,fromtheAdmindashboard,selectDirectory>ProfileEditor.• SelecttheAppssectionintheleftnavigationbar,thenfindtheOrgWikiappinthelist.• ClickProfilethenclickAddAttribute.

• Type“OrgWikiExternalID”fortheDisplaynamefield.• Type“orgwikiExternalId”fortheVariablenamefield.• ForDescription,type“Auniqueidentifierforthisemployee–typicallyusedacross

apps”.• SelectStringfortheDatatypefield.• YoumayleaveAttributerequiredunchecked.• LeaveScopeunchecked.• ClickAddAttribute.


Top Related

Module 1: Introduction to Active Directory. Overview Introduction to Active Directory Active Directory Logical Structure Role of DNS in Active Directory.

Module 1: Introduction to Active Directory. Overview Introduction to Active Directory Active Directory Logical Structure Role of DNS in Active Directory.

PingFederate Integration with Azure Active Directory … · | Prepare Azure Active Directory | 6 Prepare Azure Active Directory • Sign up for Azure Active Directory and Office 365

PingFederate Integration with Azure Active Directory … · | Prepare Azure Active Directory | 6 Prepare Azure Active Directory • Sign up for Azure Active Directory and Office 365

Okta Identity Cloud for ServiceNow · The Okta Identity Cloud for ServiceNow Application (OIC app) is the simplest way to get ServiceNow connected to Active Directory (AD) and provide

Okta Identity Cloud for ServiceNow · The Okta Identity Cloud for ServiceNow Application (OIC app) is the simplest way to get ServiceNow connected to Active Directory (AD) and provide

MFA INTEGRATION WITH OKTA - secureauth.com · has the ability to act as a service provider for an external ... such as Active Directory, ... from the specified Okta sub-domain or

MFA INTEGRATION WITH OKTA - secureauth.com · has the ability to act as a service provider for an external ... such as Active Directory, ... from the specified Okta sub-domain or

Rethink Active Directory - Okta

Rethink Active Directory - Okta

Using Okta for Hybrid Microsoft AAD Join · Active Directory is the Microsoft on-prem user directory that has been widely deployed in workforce environments for many years. AD creates

Using Okta for Hybrid Microsoft AAD Join · Active Directory is the Microsoft on-prem user directory that has been widely deployed in workforce environments for many years. AD creates

Understanding Active Directory Domains and Trusts …...Understanding Active Directory Domains and Trusts Active Directory Active Directory is the Microsoft implementation of directory

Understanding Active Directory Domains and Trusts …...Understanding Active Directory Domains and Trusts Active Directory Active Directory is the Microsoft implementation of directory

How the Active Directory Replication Model Works_ Active Directory

How the Active Directory Replication Model Works_ Active Directory

Languages
Pages
Legal

Copyright © 2022 FDOCUMENTS