Configure Okta as Claims Provider in SharePoint (On-Premise)
- User account that has permissions to modify the SharePoint farm
- SharePoint Management Shell or SharePoint PowerShell snap-in to run PowerShell commands. Add the required snap-in to an existing PowerShell prompt by entering the following command:
1. Configure mappings
You can configure four attributes (Username, First Name, Last Name, and Email) for SharePoint. It allows wildcard matches for any prefix match of First Name, Last Name, and Email in the Okta user profile attributes, as well as in the App user profile attributes.
To configure mappings, go to Directory > Profile Editor > SharePoint (On-Premise) > Mappings.
- If you are setting the search scope level as OKTA and the identifier claim as userName, then do not customize mappings for the app user's username.
- If you are setting the search scope level as APP, then do not customize mappings for an app user's firstName/lastName/email, and do not leave those fields empty.
2. Validate Okta added as Claims Provider
After you complete the installation procedure, Okta should appear in the Trusted Identity Provider list on the SharePoint Central Administration console.
- Go to SharePoint Central Administration > Security > Specify Authentication Providers > Default zone > Trusted Identity Provider list.
Confirm that you can see Okta in the list.
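The same check can be run from the SharePoint Management Shell. This is an added example, not part of the Okta documentation; it assumes the trusted identity token issuer's name contains "Okta" and uses a placeholder web application URL.

```powershell
# Added example. $WebAppUrl and $NamePattern are assumptions, not values from this page.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppUrl   = 'https://sharepoint.example.com'   # placeholder: your web application URL
$NamePattern = '*Okta*'                           # assumption: issuer name contains "Okta"

# 1. Is a matching trusted identity token issuer registered in the farm?
$issuers = @(Get-SPTrustedIdentityTokenIssuer | Where-Object { $_.Name -like $NamePattern })
if ($issuers.Count -eq 0) {
    Write-Warning "No trusted identity token issuer matching '$NamePattern' is registered."
    return
}

# 2. Is each issuer selected as a trusted identity provider on the Default zone?
$zoneProviders = @(Get-SPAuthenticationProvider -WebApplication $WebAppUrl -Zone Default)

foreach ($issuer in $issuers) {
    $onZone = @($zoneProviders | Where-Object { $_.LoginProviderName -eq $issuer.Name })

    [pscustomobject]@{
        Issuer            = $issuer.Name
        # Claim provider the issuer uses for people picker searches.
        # Empty means SharePoint's built-in behaviour is used for this issuer.
        ClaimProviderName = $issuer.ClaimProviderName
        OnDefaultZone     = ($onZone.Count -gt 0)
    }

    if ($onZone.Count -eq 0) {
        Write-Warning "'$($issuer.Name)' is registered but not enabled on the Default zone of $WebAppUrl."
    }
}

# 3. List the farm's claim providers with their state, for comparison with
#    the ClaimProviderName reported above.
Get-SPClaimProvider | Select-Object DisplayName, IsEnabled, IsUsedByDefault
```

An issuer that is registered but reports `OnDefaultZone = False` is not available to users signing in on that zone, which is also the state to expect while the Okta Identity Provider is disabled for a People Picker install, uninstall, or update.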
Make sure you disable the Okta Identity Provider whenever you install, uninstall, or update the Okta People Picker. See Uninstall Okta People Picker and Okta Authentication.