Okta Microsoft SharePoint On-Premise Deployment Guide

This deployment guide explains how to integrate Okta with Microsoft SharePoint (On-Premise). This includes instructions about how to configure Okta as a claims provider in SharePoint, deploy Okta People Picker for SharePoint agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations., and uninstall the Okta authentication.


  • Install a supported version of Microsoft SharePoint:

    • SharePoint Foundation 2010
    • SharePoint Server 2010
    • SharePoint Foundation 2013
    • SharePoint Server 2013
    • SharePoint Server 2016
    Important Note


    Microsoft is ending support for SharePoint 2010. See Microsoft website for more information.

  • Run the prerequisites from the SharePoint installer.
  • Fulfill hardware requirements.
  • Fulfill version-specific requirements:

    Version Requirements
    SharePoint People Picker (versions before Install .NET Framework 3.5+
    SharePoint People Picker version Ensure TLS 1.2 is supported by your server.
    SharePoint 2010 Install .NET Framework 3.5 and one of the patches provided here.
    SharePoint 2013 or 2016

    Install .NET Framework 4.5+, which supports TLS 1.2.


    Install .NET Framework 3.5+ and one of the patches provided here.

  • A valid API token for the Okta People Picker plugin to read users and groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. from Okta. See API.



    The API token is only visible upon creation and cannot be retrieved later. If the token is lost, it must be revoked, regenerated, and reconfigured in the People Picker configuration.



  1. Add SharePoint (On-Premise) in Okta
  2. Configure Okta as Claims Provider in SharePoint (On-Premise)
  3. Configure Okta SharePoint People Picker agent
  4. Deploy Okta People Picker for SharePoint agent
  5. Uninstall Okta People Picker and Okta Authentication



  1. For SharePoint 2010 only: Import security certificate to Trusted Root Certificate Authority
  2. Troubleshooting: Microsoft SharePoint On-Premise
  3. Frequently Asked Questions: Microsoft SharePoint On-Premise