Deploy Okta People Picker for SharePoint agent
Install and deploy the Okta People Picker for SharePoint agent to your SharePoint farm environment. The default installation steps outlined below activate the feature at the farm level.
Before you begin
If you are upgrading the Okta People Picker, completely remove the previous version of the Okta People Picker. See Uninstall Okta People Picker and Okta authentication.
Start this procedure
This procedure includes the following tasks:
In the Okta Admin Console, go to Settings > Download and download the Okta People Picker for SharePoint Server 2010, 2013, or 2016.
Enter the following PowerShell commands to add and install the Okta SharePoint solution for People Picker:
Add-SPSolution -LiteralPath "C:\OktaClaimsProviderxx.xxx.wsp"
Install-SPSolution -Identity "oktaclaimsproviderxx.xxx.wsp" –GACDeployment
Replace the LiteralPath command line argument with the path to the downloaded People Picker WSP solution ﬁle, and update the Identity command line argument with the appropriate version-based ﬁle name.
- It might take a few minutes for the agent to be installed and deployed.
- You can query your deployment status by entering the following PowerShell command:
- The status output reads
Deployedafter the solution has been deployed to the farm.
- If the status output continues to read
Not deployed, sign into the SharePoint Central Administration console, select System Settings > Manage Farm Solutions, and check for error messages.
- If necessary, cancel the deployment and restart it using the SharePoint Central Administration Management Console.
Deploy the agent using the SharePoint Central Administration Management Console. Confirm the installation and troubleshoot any issues.
We highly recommend that you use a ULS viewer during the People Picker installation procedure to help you diagnose configuration issues.
Assign the Okta Claims Provider that was configured during the Okta SSO configuration as the
SPTrustedIdentityTokenIssuer for People Picker.
SPTrustedIdentityTokenIssuer was named something other than
Okta during the SSO configuration, update the commands below with the correct values.
$trust = Get-SPTrustedIdentityTokenIssuer "Okta"
$trust.ClaimProviderName = "OktaClaimsProvider"
Enter the following PowerShell command to retrieve the
Make sure the Okta provider is
Enabledand configured as
The SharePoint administrator must import the Okta DigiCert Root Certificate and all certificates in its cert chain into the SharePoint certificate store. Perform the procedure described in For SharePoint 2010 only: Import security certiﬁcate to Trusted Root Certiﬁcate Authority
Troubleshoot the People Picker
OktaClaimsProvider in the SharePoint ULS logs to monitor the activity of the claims provider. A ULS log viewer is recommended.