Deploy Okta People Picker for SharePoint agent

Install and deploy the Okta People Picker for SharePoint agent to your SharePoint farm environment. The default installation steps outlined below activate the feature at the farm level.

 

1. Install Okta People Picker for SharePoint agent

  1. In Okta Admin Console, go to Settings > Download and download the Okta People Picker for SharePoint Server 2010, 2013, or 2016.

  2. Enter the following PowerShell commands to add and install the Okta SharePoint solution for People Picker:

    Add-SPSolution -LiteralPath "C:\OktaClaimsProviderxx.xxx.wsp"

    Install-SPSolution -Identity "oktaclaimsproviderxx.xxx.wsp" –GACDeployment

    Replace the LiteralPath command line argument with the path to the downloaded People Picker WSP solution file, and update the identity command line argument with the appropriate version-based file name.

     

    Tip

    Tip

    • It might take a few minutes for the agent to be installed and deployed.
    • You can query your deployment status by entering the following PowerShell command: Get-SPSolution.
    • The status output reads Deployed after the solution has been deployed to the farm.
    • If the status output continues to read Not deployed, sign into the SharePoint Central Administration console, select System Settings > Manage Farm Solutions, and check for error messages.
    • If necessary, cancel the deployment and restart it using the SharePoint Central Administration Management Console.

     

  3. Deploy the agent using the SharePoint Central Administration Management Console. Confirm the installation and troubleshoot any issues.

     

    Tip

    Tip

    We highly recommend that you use a ULS viewer during the People Picker installation procedure to help you diagnose configuration issues.

     

 

2. Assign Okta Claims Provider as Trusted Identity Token Issuer

Assign the Okta Claims Provider that was configured during the Okta SSO configuration as the SPTrustedIdentityTokenIssuer for People Picker.

If the SPTrustedIdentityTokenIssuer was named something other than Okta during the SSO configuration, update the commands below with the correct values.

$trust = Get-SPTrustedIdentityTokenIssuer "Okta"

$trust.ClaimProviderName = "OktaClaimsProvider"

$trust.Update()

 

3. Validate the installation and configuration

  1. Enter the following PowerShell command to retrieve the OktaClaimsProvider value:

    Get-SPClaimProvider

  2. Make sure the Okta provider is Enabled and configured as Default.

     

4. For SharePoint 2010 only: Upload the Okta Certificate People Picker

The SharePoint administrator must import the Okta DigiCert Root Certificate and all certificates in its cert chain into the SharePoint certificate store. Perform the procedure described in For SharePoint 2010 only: Import security certificate to Trusted Root Certificate Authority

 

Troubleshoot the People Picker

Look for OktaClaimsProvider in the SharePoint ULS logs to monitor the activity of the claims provider. A ULS log viewer is recommended.

Upgrade the Okta Claims Provider or People Picker

Before you upgrade the Okta Claims Provider or People Picker, we highly recommended that you completely remove the previous version of the Okta People Picker. See Uninstall Okta People Picker and Okta Authentication for uninstallation instructions and then deploy the new version using the deployment procedure.