Add SharePoint (On-Premise) in Okta

Important Note


Okta Group Push is not currently supported with the SharePoint On-Premise application.

We recommend you use only AD groups or only Okta groups in order to configure authorization to your SharePoint server. Configuring Push Groups to your Active Directory and attempting to use these groups for SharePoint authorization will result in problems accessing the application.


  1. Add the SharePoint (On-Premise) app.

    Go to Applications > Applications > Add Application and search for the app.

  2. On the General tab > App Settings, fill in the appropriate fields. These fields are used to connect and send information as part of the SAML assertion to SharePoint:

    • SharePoint Web Application URL: This points to the web application that is running on SharePoint. For example, https://app1. There can be multiple apps running on SharePoint, each of which needs a SharePoint app within Okta.
    • Application attributes: Admins can send information about Okta user profile attributes to SharePoint for auditing or logging purposes. Sending any custom Okta attributes is also supported. This information is not used for authentication or authorizing apps in SharePoint. Okta typically sends UPN and email data as part of the assertion.

      Acceptable formats for application attributes are:

      • Okta User Profile Attribute: For example, firstName|${user.firstName}|
      • Imported Attribute: For example, lastName|<appId>:${user.lastName}|

        You can obtain your app ID from your app's URL, as shown below:

    • Group filter: This field is sent as part of a SAML assertion. This is used for checking permissions in SharePoint.
  3. Go to SharePoint (On-Premise) app > Sign On > View Setup Instructions to install and configure SharePoint People Picker