• Home

  • Documents

  • OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three...
9
Active Directory Configuration Guide Ó2016 Veeva. All rights reserved. OrgWiki Ò Active Directory Configuration Guide Introduction This guide provides instructions for configuring Okta with OrgWiki to allow authentication and provisioning to be driving by your existing Active Directory infrastructure. This guide is intended for customers who signed up for Okta through OrgWiki. Existing customers of Okta should refer to the Okta Configuration Guide The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta to handle authentication for OrgWiki and to provide automated provisioning. 2. Set up Active Directory integration with Okta – Configure the Okta Active Directory Agent with your AD instance and setup provisioning rules to enable automated provisioning of AD users into OrgWiki 3. Setup the attribute mappings – These are mappings between user attributes in AD and Okta and between Okta and OrgWiki to ensure the appropriate AD attributes are provisioned to OrgWiki Configure Integration between Okta and OrgWiki Sign up for OrgWiki and Okta at https://www.theorgwiki.com/embedded_okta. The fields on the registration form will be used to: 1. Sign up for a new Okta account (includes the first admin user) 2. Add the OrgWiki app to the Okta account 3. Assign the first admin user to the OrgWiki app 4. Sign up for a new OrgWiki account 5. Configure OrgWiki to use Okta for single-sign on via SAML After the above steps have been completed you will be prompted to login via Okta and then redirected to OrgWiki. Set up Active Directory integration with Okta To setup Active Directory, please follow the instructions on Installing and Configuring the Active Directory Agent. Once this is completed, user and employee data will be periodically synced from AD into the Okta directory. Okta recommends you use groups to trigger auto-provisioning – once AD groups are imported into Okta you will associate users with OrgWiki via the appropriate group to trigger auto- provisioning.

OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

  • Upload
    others

  • View
    12

  • Download
    0

Embed Size (px)

Citation preview

Page 1: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

OrgWikiÒActiveDirectoryConfigurationGuideIntroductionThisguideprovidesinstructionsforconfiguringOktawithOrgWikitoallowauthenticationandprovisioningtobedrivingbyyourexistingActiveDirectoryinfrastructure.ThisguideisintendedforcustomerswhosignedupforOktathroughOrgWiki.ExistingcustomersofOktashouldrefertotheOktaConfigurationGuideTheActiveDirectoryintegrationinvolvesthreemainsteps:

1. ConfiguretheintegrationbetweenOktaandOrgWiki-ThisallowsOktatohandleauthenticationforOrgWikiandtoprovideautomatedprovisioning.

2. SetupActiveDirectoryintegrationwithOkta–ConfiguretheOktaActiveDirectoryAgentwithyourADinstanceandsetupprovisioningrulestoenableautomatedprovisioningofADusersintoOrgWiki

3. Setuptheattributemappings–ThesearemappingsbetweenuserattributesinADandOktaandbetweenOktaandOrgWikitoensuretheappropriateADattributesareprovisionedtoOrgWiki

ConfigureIntegrationbetweenOktaandOrgWikiSignupforOrgWikiandOktaathttps://www.theorgwiki.com/embedded_okta.Thefieldsontheregistrationformwillbeusedto:

1. SignupforanewOktaaccount(includesthefirstadminuser)2. AddtheOrgWikiapptotheOktaaccount3. AssignthefirstadminusertotheOrgWikiapp4. SignupforanewOrgWikiaccount5. ConfigureOrgWikitouseOktaforsingle-signonviaSAML

AftertheabovestepshavebeencompletedyouwillbepromptedtologinviaOktaandthenredirectedtoOrgWiki.SetupActiveDirectoryintegrationwithOktaTosetupActiveDirectory,pleasefollowtheinstructionsonInstallingandConfiguringtheActiveDirectoryAgent.Oncethisiscompleted,userandemployeedatawillbeperiodicallysyncedfromADintotheOktadirectory.Oktarecommendsyouusegroupstotriggerauto-provisioning–onceADgroupsareimportedintoOktayouwillassociateuserswithOrgWikiviatheappropriategrouptotriggerauto-provisioning.

Page 2: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

CustomizeAD-OktaattributemappingAkeystepofAD-drivenprovisioninginvolvessettingupattributemappingsfromADintoOktaandthenfromOktatoOrgWiki.UsetheProfileEditortoreviewtheADtoOktamappingsTosetupmappings,intheOktaAdminDashboardyouneedtogotoDirectory->ProfileEditor.SelectyourActiveDirectoryinstanceandclickonMappingstoreviewthecurrentmappings.(Note–youshouldbelookingatthe[AD]toOktamappings.)Bydefault,theOrgWikiusernameissettotheOktausernamewhichdefaultstotheUPN(fromActiveDirectory)oftheuser.OrgWikirequirestheusernamevaluetobetheemailaddressoftheuser.Pleaseensureappuser.emailismappedtotheloginfield

SetupOktaprovisioningtoOrgWikiThefollowinguserattributescanbeprovisionedfromOktatoOrgWiki:DefaultOktaDirectoryattributes:

Attribute Required/Optional CommentsFirstName Required LastName Required Email Required Title Required ManagerID

(emailaddressorIDofmanager)Optional

-Usedforcreatingtheorgchart.-IfIDisuseditneedstomatchthemanager’sExternalId

StreetAddress Optional Setonprofilesandusedforaddingemployeestolocationgroupsandoffices.City Optional

State OptionalCountry OptionalOfficePhone Optional

Page 3: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

MobilePhone Optional Nickname Optional

UserType Optional Ifthevalueis“contractor”theemployeewillbemarkedasacontractorinOrgWiki.

Customattributes:

Attribute Required/Optional CommentsStartDate

(mustbeformattedYYYY-MM-DD) OptionalUsedforschedulingthenewhireannouncementandshowingthetenureofanemployeeontheirprofile.

OrgWikiExternalID Optional UniqueIDforemployeese.g.anemployeeID.

StartDateandOrgWikiExternalIDarecustomattributesthatcanbemappedtoOrgWiki.SeeAppendixAandBformoredetailedonaddingtheseattributes.

• FromtheProvisioningtaboftheOrgWikiapp,checktheEnableprovisioningfeaturesbox(seebelow).

Page 4: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

• IntheAPIAuthenticationsection,clickAuthenticatewithOrgWiki(seebelow).o Note:ThisuserwillbeusedtoprovisionusersintoOrgWiki.

• AmessagewillappearwithoptiontoallowOktatoconnecttoyourOrgWikiinstance.ClickAuthorize(seebelow).

Page 5: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

• NowyourOrgWikiappisauthenticated,scrolldowntheProvisioningpageandselecttheprovisioningfeaturesyouwanttoenable(seebelow).

• ClickNext.CustomizetheattributemappingfromOktatoOrgWikiToeditthemappingsbetweenOktaandOrgWiki,clicktheEditMappingsbuttonunderAttributeMappings,andselecttheOktatoOrgWikitabtoreviewthedefaultmappings.Note–topopulatethemanager’semailaddressintotheOrgWikiManagerIDfieldyoucanusethefollowingexpression:getManagerAppUser(“active_directory”,”active_directory”).email

FormoreinformationonOkta’sexpressionlanguageseehttp://developer.okta.com/reference/okta_expression_language/

Page 6: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

AssigninguserstoOrgWikiYoucannowassignuserstotheOrgWikiapp.Donotassignusersmanuallyifyouhavealargenumberofusers,asthisdoesnotscalewell.Instead,useagroupyou’vesynchronizedfromADorcreateagroupdirectlyinOktaforthepurposeofapplicationassignment.ToassignOrgWikitoaselectedgroup:

• InOkta,fromtheAdminDashboard,selectDirectory>Groups,andthenselectthegroupyouwanttoassignto.

• ClicktheManageAppsbuttontoassignappstothegroup(seebelow).

Page 7: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

• SearchfortheOrgWikiappandclickAssign,thenclickDone(seebelow).

Page 8: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

AppendixA. AddingStartDateAttribute

OrgWikihasaStartDateattributetotheuserprofile.Beforeaddingtheattribute,makesurethedateisformattedcorrectly(YYYY-MM-DD)forOrgWikiusage.Forexample,“2016-01-15”.FollowthestepsbelowtoaddtheStartDateuserattributetotheuserprofile:• InOkta,fromtheAdmindashboard,selectDirectory>ProfileEditor.• SelecttheAppssectionintheleftnavigationbar,thenfindtheOrgWikiappinthelist.• ClickProfilethenclickAddAttribute.

• Type“StartDate”fortheDisplaynamefield.• Type“startDate”fortheVariablenamefield.• ForDescription,type“Employee’sstartdatewiththecompany”.• SelectStringfortheDatatypefield.• YoumayleaveAttributerequiredunchecked.• LeaveScopeunchecked.• ClickAddAttribute.

B. AddingOrgWikiExternalIDAttribute

ThisOrgWikiExternalIDattributecanbeusedtoassociateauniqueIDwithOrgWikiprofiles.FollowthestepsbelowtoaddtheOrgWikiExternalIDuserattributetotheuserprofile:

Page 9: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.

• InOkta,fromtheAdmindashboard,selectDirectory>ProfileEditor.• SelecttheAppssectionintheleftnavigationbar,thenfindtheOrgWikiappinthelist.• ClickProfilethenclickAddAttribute.

• Type“OrgWikiExternalID”fortheDisplaynamefield.• Type“orgwikiExternalId”fortheVariablenamefield.• ForDescription,type“Auniqueidentifierforthisemployee–typicallyusedacross

apps”.• SelectStringfortheDatatypefield.• YoumayleaveAttributerequiredunchecked.• LeaveScopeunchecked.• ClickAddAttribute.


MFA INTEGRATION WITH OKTA - secureauth.com · has the ability to act as a service provider for an external ... such as Active Directory, ... from the specified Okta sub-domain or

MFA INTEGRATION WITH OKTA - secureauth.com · has the ability to act as a service provider for an external ... such as Active Directory, ... from the specified Okta sub-domain or

Documents
PingFederate Integration with Azure Active Directory … · | Prepare Azure Active Directory | 6 Prepare Azure Active Directory • Sign up for Azure Active Directory and Office 365

PingFederate Integration with Azure Active Directory … · | Prepare Azure Active Directory | 6 Prepare Azure Active Directory • Sign up for Azure Active Directory and Office 365

Documents
Using Okta for Hybrid Microsoft AAD Join · Active Directory is the Microsoft on-prem user directory that has been widely deployed in workforce environments for many years. AD creates

Using Okta for Hybrid Microsoft AAD Join · Active Directory is the Microsoft on-prem user directory that has been widely deployed in workforce environments for many years. AD creates

Documents
Cloud Secure Integration with ADFS · integration to many third-party IdP's like PingOne, OKTA, and Active Directory Federation Services (ADFS) for seamless migration of existing

Cloud Secure Integration with ADFS · integration to many third-party IdP's like PingOne, OKTA, and Active Directory Federation Services (ADFS) for seamless migration of existing

Documents
How the Active Directory Replication Model Works_ Active Directory

How the Active Directory Replication Model Works_ Active Directory

Documents
Introduction to Active Directory Q. What is Active …saintangelos.com/studentdesk/Download/Interview Questions active...Introduction to Active Directory Q. What is Active Directory?

Introduction to Active Directory Q. What is Active …saintangelos.com/studentdesk/Download/Interview Questions active...Introduction to Active Directory Q. What is Active Directory?

Documents
Active Directory

Active Directory

Documents
Active Directory 101 Manage and Maintain Active Directory ... · Active Directory Domains vs. Forests • Active Directory Domains – Administrative boundary – Group Policy boundary*

Active Directory 101 Manage and Maintain Active Directory ... · Active Directory Domains vs. Forests • Active Directory Domains – Administrative boundary – Group Policy boundary*

Documents
Introduction to Active Directory · Introduction to Active Directory ... Active Directory is based on LDAP. ... Active Directory Sites and Services

Introduction to Active Directory · Introduction to Active Directory ... Active Directory is based on LDAP. ... Active Directory Sites and Services

Documents
SAML 2.0 Single-Sign-On · Active Directory Federation Services (ADFS) Auth0 Azure AD (Microsoft Azure Active Directory) Bitium Okta OneLogin Ping Identity Salesforce.com Any other

SAML 2.0 Single-Sign-On · Active Directory Federation Services (ADFS) Auth0 Azure AD (Microsoft Azure Active Directory) Bitium Okta OneLogin Ping Identity Salesforce.com Any other

Documents
Manage Engine Active Directory Auditing Sunumu(Active Directory Denetimi)

Manage Engine Active Directory Auditing Sunumu(Active Directory Denetimi)

Documents
Active-Directory-Zertifikatdienste (PKI) Installieren ... · 2 Active-Directory-Zertifikatdienste (PKI) Installieren & konfigurieren Active Directory-Zertifikatdienst Installieren

Active-Directory-Zertifikatdienste (PKI) Installieren ... · 2 Active-Directory-Zertifikatdienste (PKI) Installieren & konfigurieren Active Directory-Zertifikatdienst Installieren

Documents
dit.urfu.ru · Web viewКаталог объектов Microsoft Active Directory. Включает в себя домен Active Directory «at.urfu.ru», лес Active Directory

dit.urfu.ru · Web viewКаталог объектов Microsoft Active Directory. Включает в себя домен Active Directory «at.urfu.ru», лес Active Directory

Documents
Okta Identity Cloud for ServiceNow · The Okta Identity Cloud for ServiceNow Application (OIC app) is the simplest way to get ServiceNow connected to Active Directory (AD) and provide

Okta Identity Cloud for ServiceNow · The Okta Identity Cloud for ServiceNow Application (OIC app) is the simplest way to get ServiceNow connected to Active Directory (AD) and provide

Documents
Module 1: Introduction to Active Directory. Overview Introduction to Active Directory Active Directory Logical Structure Role of DNS in Active Directory

Module 1: Introduction to Active Directory. Overview Introduction to Active Directory Active Directory Logical Structure Role of DNS in Active Directory

Documents
Network Architecture & Active Directory … Architecture & Active Directory ... contents/articles/active-directory-replication-over ... Network Architecture & Active Directory Considerations

Network Architecture & Active Directory … Architecture & Active Directory ... contents/articles/active-directory-replication-over ... Network Architecture & Active Directory Considerations

Documents
Active Directory Infraestrutura do Active Directory

Active Directory Infraestrutura do Active Directory

Documents
Directory Integration with Okta · PDF fileContents White paper 1 User Directories and the Cloud: An Overview 3 Okta Directory Integration for All Your Cloud Apps 4 Simple and Secure

Directory Integration with Okta · PDF fileContents White paper 1 User Directories and the Cloud: An Overview 3 Okta Directory Integration for All Your Cloud Apps 4 Simple and Secure

Documents
Directory Integration with Okta

Directory Integration with Okta

Documents
1 Administering Active Directory Locating Active Directory Objects Controlling Access to Active Directory Objects Publishing Resources in Active Directory

1 Administering Active Directory Locating Active Directory Objects Controlling Access to Active Directory Objects Publishing Resources in Active Directory

Documents
Active Directory Planning Worksheets · Web viewActive Directory Planning Worksheets. Active Directory Planning Worksheets. taken with permission from Active Directory Planning and

Active Directory Planning Worksheets · Web viewActive Directory Planning Worksheets. Active Directory Planning Worksheets. taken with permission from Active Directory Planning and

Documents
Active Directory Windows2003 Server. Agenda What is Active Directory What is Active Directory Building an Active Directory Building an Active Directory

Active Directory Windows2003 Server. Agenda What is Active Directory What is Active Directory Building an Active Directory Building an Active Directory

Documents
Active Directory Directory Searcher

Active Directory Directory Searcher

Documents
ACTIVE DIRCTORY GUIDE Active Directory - Amazon S3 · ACTIVE DIRCTORY GUIDE Active Directory ... To support the Active Directory integration, ... as often the existing DNS servers

ACTIVE DIRCTORY GUIDE Active Directory - Amazon S3 · ACTIVE DIRCTORY GUIDE Active Directory ... To support the Active Directory integration, ... as often the existing DNS servers

Documents
Administering Active Directory · 2013-10-09Administering Active Directory

Administering Active Directory · 2013-10-09Administering Active Directory

Documents
Rethink Active Directory - Okta

Rethink Active Directory - Okta

Documents
Active Directory and Windows - oracle.com · Active Directory for Name Resolution Overview •Store and resolve Net names through Active Directory –Active Directory is used instead

Active Directory and Windows - oracle.com · Active Directory for Name Resolution Overview •Store and resolve Net names through Active Directory –Active Directory is used instead

Documents
Beyond the MCSE: Active Directory for the Security …...Administration There are several methods for interactive with Active Directory. Active Directory Users & Computers Active Directory

Beyond the MCSE: Active Directory for the Security …...Administration There are several methods for interactive with Active Directory. Active Directory Users & Computers Active Directory

Documents
Active Directory Upgrade - cisco.com · Active Directory Upgrade • MigrateActiveDirectoryandDNS,page1 • UpgradeActiveDirectoryandDNS,page5 Migrate Active Directory and DNS

Active Directory Upgrade - cisco.com · Active Directory Upgrade • MigrateActiveDirectoryandDNS,page1 • UpgradeActiveDirectoryandDNS,page5 Migrate Active Directory and DNS

Documents
Eindwerk: Linux Active Directory Emulatie 1users.telenet.be/lade/Linux Active Directory thesis.pdfEindwerk: Linux Active Directory Emulatie 5 2. Wat is Active Directory Als men het

Eindwerk: Linux Active Directory Emulatie 1users.telenet.be/lade/Linux Active Directory thesis.pdfEindwerk: Linux Active Directory Emulatie 5 2. Wat is Active Directory Als men het

Documents