Configure Okta as Claims Provider in SharePoint (On-Premise)


  • User account that has permissions to modify the SharePoint farm
  • SharePoint Management Shell or SharePoint PowerShell snap-in to run PowerShell commands. Add the required snap-in to an existing PowerShell prompt by entering the following command:

    Add-PSSnapIn Microsoft.Sharepoint.Powershell


1. Configure mappings

You can configure four attributes (Username, First Name, Last Name, and Email) for SharePoint. Wildcard matching is supported for any prefix of First Name, Last Name, and Email, both in the Okta user profile attributes and in the App user profile attributes.

To configure mappings, go to Directory > Profile Editor > SharePoint (On-Premise) > Mappings.


Important Note


  • If you are setting the search scope level as OKTA and the identifier claim as userName, then do not customize mappings for the app user’s username.
  • If you are setting the search scope level as APP, then do not customize mappings for an app user’s firstName/lastName/email, and do not leave those fields empty.


2. Validate Okta added as Claims Provider

After you complete the installation procedure, Okta should appear in the Trusted Identity Provider list on the SharePoint Central Administration console.

  1. Go to SharePoint Central Administration > Security > Specify Authentication Providers > Default zone > Trusted Identity Provider list.
  2. Confirm that you can see Okta in the list.
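
The same check can be run from the SharePoint Management Shell. The following is an added example, not part of the Okta procedure. It assumes the trusted identity token issuer was registered under the name "Okta", and the 30-day certificate expiry threshold is an arbitrary choice.

```powershell
# Added example: verify the Okta trusted identity provider from the shell.
# Assumption: the token issuer was registered under the name "Okta".
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = 'Okta'   # assumed name; change to the name used during installation

$issuer = Get-SPTrustedIdentityTokenIssuer |
    Where-Object { $_.Name -eq $issuerName }

if (-not $issuer) {
    Write-Warning "No trusted identity token issuer named '$issuerName' is registered in this farm."
    return
}

# Identifier claim, bound claims provider (People Picker) and signing certificate.
[pscustomobject]@{
    Name            = $issuer.Name
    IdentifierClaim = $issuer.IdentityClaimTypeInformation.MappedClaimType
    ClaimProvider   = $issuer.ClaimProviderName
    SignInUrl       = $issuer.ProviderUri
    CertThumbprint  = $issuer.SigningCertificate.Thumbprint
    CertExpires     = $issuer.SigningCertificate.NotAfter
} | Format-List

# An expired signing certificate breaks sign-in for every user of this provider.
if ($issuer.SigningCertificate.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning 'The token-signing certificate expires within 30 days.'
}

# Report, per web application zone, whether the issuer is enabled for sign-in.
foreach ($wa in Get-SPWebApplication) {
    foreach ($zone in $wa.IisSettings.Keys) {
        $enabled = Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone |
            Where-Object { $_.LoginProviderName -eq $issuerName }
        [pscustomobject]@{
            WebApplication = $wa.Url
            Zone           = $zone
            OktaEnabled    = [bool]$enabled
        }
    }
}
```

An empty ClaimProvider value means no custom claims provider is bound to the issuer, so People Picker searches fall back to SharePoint's default behavior for trusted providers.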

Important Note


Make sure you disable the Okta Identity Provider whenever you install, uninstall, or update the Okta People Picker. See Uninstall Okta People Picker and Okta Authentication.