Overview
VMware Workspace ONE UEM offers the ability to integrate with existing corporate user management infrastructure via LDAP or SAML protocols. Customers using both Okta and Workspace ONE can leverage Okta as the source of truth for user management and take advantage of existing user groups in Workspace ONE by integrating with Okta through LDAP.
The configuration below is a sample guideline to configure Okta as an "other LDAP" in Workspace ONE UEM.
1. Confirm that an LDAP interface is enabled in the Okta portal.
   Note: If an LDAP interface is not available, add a new one using the Add Directory button.
2. Create an administrator with at least read-only privileges and activate the administrator account.
3. Take note of how attributes in the Profile Editor are mapped, as this information may be needed to correctly map the attributes in Workspace ONE UEM for User and Group search.
4. In the Workspace ONE Console, navigate to Settings > Enterprise Integration > Directory Services. Then provide the following information for the directory service:

| Field | Attribute information |
| --- | --- |
| Directory Type | Other LDAP |
| Server | Enter your Okta URL, e.g. {OktaTenant}.ldap.oktapreview.com |
| Encryption Type | SSL (browser-based cloud to cloud) |
| Port | 636 |
| Protocol Version | 3 |
| Use Service Account Credentials | Disabled |
| Bind Authentication Type | Basic |
| Bind User Name | uid={OktaAdminUser},dc={OktaTenant},dc=oktapreview,dc=com (this should be the user name of the administrative account set up in Okta in steps 1-3) |
| Domain | "uemlabs" (friendly name to be set by Workspace ONE administrators) |
| Server | {OktaTenant}.ldap.oktapreview.com |

5. Within the Directory Services settings in the Workspace ONE Console, switch to the User tab at the top and provide the following:

| Field | Attribute information |
| --- | --- |
| Domain | "uemlabs" (friendly name to be set by Workspace ONE administrators) |
| Base DN | dc={OktaTenant},dc=oktapreview,dc=com (use the base domain name for the Okta tenant) |
| User Object Class | inetOrgPerson |
| User Search Filter | (&(mail={EnrollmentUser})) |

6. Scroll down to the Advanced drop-down section and verify that the LDAP attributes align correctly with the tenant attributes in Okta:

| Field | Attribute information |
| --- | --- |
| Object Identifier | uniqueIdentifier (Okta uses this attribute instead of ObjectGUID) |

7. Go to the Group tab at the top and change the attributes to the following:

| Field | Attribute information |
| --- | --- |
| Domain | "uemlabs" (friendly name to be set by Workspace ONE administrators) |
| Base DN | dc={OktaTenant},dc=oktapreview,dc=com (use the base domain name for the Okta tenant) |
| Group Object Class | groupofUniqueNames |
| Organizational Unit Object Class | organizationalUnit |

8. Scroll down and click the Advanced drop-down section and set the following:

| Field | Attribute information |
| --- | --- |
| Group Search Filter | (&(objectClass=groupofUniqueNames)) |
| Membership Attribute | Group Attribute ("Member") |
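A pre-flight check of the same values from outside UEM, as an added example (not VMware's or Okta's own code): it builds the bind DN, base DN and search filters from the tables above and runs them through ldapsearch with LDAPv3, simple bind and LDAPS on port 636, so a failing bind or an empty user lookup shows up before the Directory Services form is saved. OKTA_TENANT, OKTA_ADMIN and ENROLLMENT_USER are placeholder assumptions, and the script assumes the OpenLDAP client tools are installed.

```shell
#!/bin/sh
# Pre-flight check of an Okta LDAP interface using the values from the UEM
# Directory Services tables. Added example, not VMware/Okta code.
# Placeholders (assumptions): OKTA_TENANT, OKTA_ADMIN, ENROLLMENT_USER.
# Usage: OKTA_TENANT=acme OKTA_ADMIN=svc ENROLLMENT_USER=j@acme.com ./check.sh run
set -eu

OKTA_TENANT="${OKTA_TENANT:-oktatenant}"      # {OktaTenant} placeholder
OKTA_ADMIN="${OKTA_ADMIN:-uem-ldap-reader}"   # {OktaAdminUser} placeholder

# Same strings the UEM form takes: Bind User Name, Base DN, Server + Port 636 over SSL.
bind_dn()  { printf 'uid=%s,dc=%s,dc=oktapreview,dc=com' "$OKTA_ADMIN" "$OKTA_TENANT"; }
base_dn()  { printf 'dc=%s,dc=oktapreview,dc=com' "$OKTA_TENANT"; }
ldap_uri() { printf 'ldaps://%s.ldap.oktapreview.com:636' "$OKTA_TENANT"; }

# User tab filter (&(mail={EnrollmentUser})) with the e-mail substituted.
# \ * ( ) are escaped per RFC 4515 so the address cannot alter the filter.
user_filter() {
  esc=$(printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                                -e 's/(/\\28/g' -e 's/)/\\29/g')
  printf '(&(mail=%s))' "$esc"
}

# Group tab filter; groupOfUniqueNames keeps members in uniqueMember.
group_filter() { printf '(&(objectClass=groupofUniqueNames))'; }

# Run one search: -P 3 = Protocol Version 3, -x = simple bind (Basic),
# -D/-W = bind DN and prompted password. DRY_RUN=1 prints the command instead.
ldap_query() {                     # $1 = filter, remaining args = attributes
  f=$1; shift
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'ldapsearch -LLL -P 3 -H %s -x -D %s -W -b %s "%s" %s\n' \
      "$(ldap_uri)" "$(bind_dn)" "$(base_dn)" "$f" "$*"
  else
    ldapsearch -LLL -P 3 -H "$(ldap_uri)" -x -D "$(bind_dn)" -W -b "$(base_dn)" "$f" "$@"
  fi
}

main() {
  user=${ENROLLMENT_USER:?set ENROLLMENT_USER to a test user e-mail}
  echo "== User lookup (UEM User tab; expect one entry with uniqueIdentifier) =="
  ldap_query "$(user_filter "$user")" uid mail uniqueIdentifier objectClass
  echo "== Group listing (UEM Group tab; expect cn and uniqueMember values) =="
  ldap_query "$(group_filter)" cn uniqueMember
}

if [ "${1:-}" = "run" ]; then main; fi
```

An entry returned by the user lookup but no uniqueIdentifier value means the Object Identifier mapping in step 6 will not resolve; a bind error here means the account from steps 1-3 is not active or has no read access.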