Configuring Okta LDAP for use with VMware Workspace ONE UEM

Overview

VMware Workspace ONE UEM offers the ability to integrate with existing corporate user management infrastructure via LDAP or SAML protocols. Customers using both Okta and Workspace ONE can leverage Okta as the source of truth for user management and take advantage of existing user groups in Workspace ONE by integrating with Okta through LDAP.

The configuration below is a sample guideline to configure Okta as an "other LDAP" in Workspace ONE UEM.

  1. Confirm that an LDAP interface is enabled in the Okta portal.
    Note: If an LDAP interface is not available, add a new one using the Add Directory button.
  2. Create an Administrator with at least read-only privileges and activate the administrator account.
  3. Take note of how attributes in the Profile Editor are mapped, as this information may be needed to correctly map the attributes in Workspace ONE UEM for User and Group search.
  4. In the Workspace ONE Console, navigate to Settings > Enterprise Integration > Directory Services. Then provide the following information for the directory service:

    Field                              Attribute information
    Directory Type                     Other LDAP
    Server                             Enter your Okta URL, e.g. {OktaTenant}.ldap.oktapreview.com
    Encryption Type                    SSL (browser-based cloud to cloud)
    Port                               636
    Protocol Version                   3
    Use Service Account Credentials    Disabled
    Bind Authentication Type           Basic
    Bind User Name                     uid={OktaAdminUser},dc={OktaTenant},dc=oktapreview,dc=com
                                       (the user name of the administrative account set up in Okta in steps 1-3)
    Domain                             "uemlabs" (friendly name to be set by Workspace ONE administrators)
    Server                             {OktaTenant}.ldap.oktapreview.com

  5. Within the Directory Services settings in the Workspace ONE Console, switch to the User tab at the top and provide the following:

    Field                              Attribute information
    Domain                             "uemlabs" (friendly name to be set by Workspace ONE administrators)
    Base DN                            dc={OktaTenant},dc=oktapreview,dc=com
                                       (use the base domain name for the Okta tenant)
    User Object Class                  inetOrgPerson
    User Search Filter                 (&(mail={EnrollmentUser}))

  6. Scroll down to the Advanced drop-down section and verify that the LDAP attributes align correctly with the tenant attributes in Okta:

    Field                              Attribute information
    Object Identifier                  uniqueIdentifier
                                       (Okta uses this attribute instead of ObjectGUID)

  7. Go to the Group tab at the top and change the attributes to the following:

    Field                              Attribute information
    Domain                             "uemlabs" (friendly name to be set by Workspace ONE administrators)
    Base DN                            dc={OktaTenant},dc=oktapreview,dc=com
                                       (use the base domain name for the Okta tenant)
    Group Object Class                 groupofUniqueNames
    Organizational Unit Object Class   organizationalUnit

  8. Scroll down, click the Advanced drop-down section and set the following:

    Field                              Attribute information
    Group Search Filter                (&(objectClass=groupofUniqueNames))
    Membership Attribute               Group Attribute ("Member")
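Before saving the settings above it is worth confirming, from a workstation, that the bind user name, base DN and search filters actually resolve against the Okta LDAP interface over LDAPS on port 636. The helper below is an added example and is not part of the original article or of any Okta or VMware tooling: it assembles the same DNs and filters the tables describe, escapes the value that Workspace ONE substitutes for {EnrollmentUser} so that a crafted enrollment address cannot change the meaning of the User Search Filter, and prints the equivalent ldapsearch commands. The tenant name uemlabs and the account name ldapsvc are constructed placeholders; the column names and the "oktapreview.com" domain come from the article.

```python
"""Pre-flight helper for the Okta "Other LDAP" settings in Workspace ONE UEM.

Added example (not from the original article). Builds the bind DN, base DN
and search filters exactly as the article's tables lay them out, escapes
substituted values per RFC 4515 (filters) and RFC 4514 (DNs), and emits
ldapsearch commands that reproduce what the console will do on save.
"""
import shlex

# RFC 4515: characters that must be hex-escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# RFC 4514: characters that must be backslash-escaped inside a DN attribute value.
_DN_SPECIAL = set(',+"\\<>;')


def escape_filter_value(value: str) -> str:
    """Escape a value before substituting it into an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a value used as an RDN attribute value (e.g. the uid in the bind DN)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        leading = i == 0 and ch in "# "
        trailing = i == last and ch == " "
        out.append("\\" + ch if (ch in _DN_SPECIAL or leading or trailing) else ch)
    return "".join(out)


def base_dn(tenant: str, okta_domain: str = "oktapreview.com") -> str:
    """Base DN from the article: dc={OktaTenant},dc=oktapreview,dc=com."""
    parts = [tenant] + okta_domain.split(".")
    return ",".join(f"dc={escape_dn_value(p)}" for p in parts)


def bind_dn(admin_user: str, tenant: str, okta_domain: str = "oktapreview.com") -> str:
    """Bind User Name from the article: uid={OktaAdminUser},<base DN>."""
    return f"uid={escape_dn_value(admin_user)}," + base_dn(tenant, okta_domain)


def user_search_filter(enrollment_user: str) -> str:
    """The article's User Search Filter with the substituted value escaped."""
    return f"(&(mail={escape_filter_value(enrollment_user)}))"


# Group Search Filter exactly as given in the article's step 8.
GROUP_SEARCH_FILTER = "(&(objectClass=groupofUniqueNames))"


def ldapsearch_argv(tenant: str, admin_user: str, search_filter: str, attrs,
                    okta_domain: str = "oktapreview.com"):
    """argv for ldapsearch using the console settings: LDAPS, port 636, simple (Basic) bind."""
    return [
        "ldapsearch", "-LLL",
        "-H", f"ldaps://{tenant}.ldap.{okta_domain}:636",
        "-x",                                          # simple bind, as "Basic" in the console
        "-D", bind_dn(admin_user, tenant, okta_domain),
        "-W",                                          # prompt for the bind password; never inline it
        "-b", base_dn(tenant, okta_domain),
        search_filter, *attrs,
    ]


if __name__ == "__main__":
    tenant, admin = "uemlabs", "ldapsvc"               # constructed placeholder values
    # User lookup: request the attributes the console maps (uid, mail, uniqueIdentifier).
    user_cmd = ldapsearch_argv(tenant, admin, user_search_filter("jdoe@example.com"),
                               ["uid", "mail", "uniqueIdentifier"])
    # Group lookup: confirm groupofUniqueNames entries and their uniqueMember values are readable.
    group_cmd = ldapsearch_argv(tenant, admin, GROUP_SEARCH_FILTER, ["cn", "uniqueMember"])
    print(shlex.join(user_cmd))
    print(shlex.join(group_cmd))
```

Run the two printed commands with the administrator's password; a user entry coming back with a populated uniqueIdentifier confirms steps 5 and 6, and group entries coming back confirm steps 7 and 8. The escaping matters because the console fills {EnrollmentUser} with data supplied at enrollment time; an unescaped value such as "*" would turn the filter into a match on every mail attribute.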