Deploy Okta People Picker for SharePoint agent

Install and deploy the Okta People Picker for SharePoint agent to your SharePoint farm environment. The default installation steps outlined below activate the feature at the farm level.


1. Install Okta People Picker for SharePoint agent

  1. In the Okta Admin Console, go to Settings > Download and download the Okta People Picker for SharePoint Server 2010, 2013, or 2016.

  2. Enter the following PowerShell commands to add and install the Okta SharePoint solution for People Picker:

    Add-SPSolution -LiteralPath "C:\"

    Install-SPSolution -Identity "" -GACDeployment

    Replace the LiteralPath command line argument with the path to the downloaded People Picker WSP solution file, and update the identity command line argument with the appropriate version-based file name.




    • It might take a few minutes for the agent to be installed and deployed.
    • You can query your deployment status by entering the following PowerShell command: Get-SPSolution.
    • The status output reads Deployed after the solution has been deployed to the farm.
    • If the status output continues to read Not deployed, sign into the SharePoint Central Administration console, select System Settings > Manage Farm Solutions, and check for error messages.
    • If necessary, cancel the deployment and restart it using the SharePoint Central Administration Management Console.


  3. Deploy the agent using the SharePoint Central Administration Management Console. Confirm the installation and troubleshoot any issues.




    We highly recommend that you use a ULS viewer during the People Picker installation procedure to help you diagnose configuration issues.



2. Assign Okta Claims Provider as Trusted Identity Token Issuer

Assign the Okta Claims Provider that was configured during the Okta SSO configuration as the SPTrustedIdentityTokenIssuer for People Picker.

If the SPTrustedIdentityTokenIssuer was named something other than Okta during the SSO configuration, update the commands below with the correct values.

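$trust = Get-SPTrustedIdentityTokenIssuer "Okta"

$trust.ClaimProviderName = "OktaClaimsProvider"

# Persist the change; without Update() the assignment is not saved to the farm configuration.
$trust.Update()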



3. Validate the installation and configuration

  1. Enter the following PowerShell command to retrieve the OktaClaimsProvider value:


  2. Make sure the Okta provider is Enabled and configured as Default.
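
The following script is an added example, not part of Okta's documentation. It checks the three conditions the steps above describe: the solution reports Deployed, the trusted identity token issuer points at the Okta claims provider, and that provider is enabled and used by default. The solution file name is a placeholder, the timeout is an arbitrary choice, and the script assumes the provider is registered with the display name OktaClaimsProvider.

```powershell
# Added example: post-install verification, run from the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SolutionName = '<people-picker-solution>.wsp'  # placeholder: the WSP file name you installed
$IssuerName   = 'Okta'                          # name chosen during the SSO configuration
$ProviderName = 'OktaClaimsProvider'            # assumed display name of the claims provider
$TimeoutSec   = 600                             # assumption: give the timer job 10 minutes

# 1. Wait for the deployment timer job to finish, then require Deployed = True.
$deadline = (Get-Date).AddSeconds($TimeoutSec)
do {
    $sol = Get-SPSolution -Identity $SolutionName -ErrorAction Stop
    if (-not $sol.JobExists) { break }
    Start-Sleep -Seconds 10
} while ((Get-Date) -lt $deadline)

if (-not $sol.Deployed) {
    throw "Solution '$SolutionName' is not deployed. Last result: $($sol.LastOperationResult). $($sol.LastOperationDetails)"
}

# 2. The trusted identity token issuer must reference the Okta claims provider.
$trust = Get-SPTrustedIdentityTokenIssuer $IssuerName -ErrorAction Stop
if ($trust.ClaimProviderName -ne $ProviderName) {
    throw "Issuer '$IssuerName' uses claim provider '$($trust.ClaimProviderName)', expected '$ProviderName'."
}

# 3. The claims provider must be registered, enabled, and used by default.
$cp = Get-SPClaimProvider | Where-Object { $_.DisplayName -eq $ProviderName }
if (-not $cp) {
    throw "Claim provider '$ProviderName' is not registered in this farm."
}
if (-not ($cp.IsEnabled -and $cp.IsUsedByDefault)) {
    throw "Claim provider '$ProviderName': IsEnabled=$($cp.IsEnabled), IsUsedByDefault=$($cp.IsUsedByDefault)."
}

"People Picker checks passed: solution deployed, issuer '$IssuerName' bound to '$ProviderName', provider enabled and default."
```

Any failed check stops the script with the value it found, which narrows down where to look in Manage Farm Solutions or the ULS logs.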


4. For SharePoint 2010 only: Upload the Okta Certificate People Picker

The SharePoint administrator must import the Okta DigiCert Root Certificate and all certificates in its cert chain into the SharePoint certificate store. Perform the procedure described in For SharePoint 2010 only: Import security certificate to Trusted Root Certificate Authority.


Troubleshoot the People Picker

Look for OktaClaimsProvider in the SharePoint ULS logs to monitor the activity of the claims provider. A ULS log viewer is recommended.

Upgrade the Okta Claims Provider or People Picker

Before you upgrade the Okta Claims Provider or People Picker, we highly recommend that you completely remove the previous version of the Okta People Picker. See Uninstall Okta People Picker and Okta Authentication for uninstallation instructions and then deploy the new version using the deployment procedure.