ºÚÁϺ£½Ç91Èë¿Ú

Prerequisites:Ìý

• See Use Cloud LDAP to obtain the ºÚÁϺ£½Ç91Èë¿Ú specific settings required below.

Okta LDAP Agent Configuration

When using the  here are the basic settings to configure authentication with ºÚÁϺ£½Ç91Èë¿Ú's hosted LDAP service:

• LDAP Server:Ìý±ô»å²¹±è.Âá³Ü³¾±è³¦±ô´Ç³Ü»å.³¦´Ç³¾
• Root DN:Ìýou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
• Bind DN:Ìýuid=LDAP_BIND_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
• Bind Password:Ìý³¢¶Ù´¡±Ê³åµþ±õ±·¶Ù³å±«³§·¡¸é³å±Ê´¡³§³§°Â°¿¸é¶Ù
• Use SSL connection: Enable for SSL 

LDAP Configuration Settings in Okta

Version

• LDAP Version:ÌýOpenLDAP

Objects

• Unique Identifier Attribute:Ìýentrydn
• DN Attribute:Ìýentrydn

Users

• User Search Base:Ìýou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
• User Object Class:Ìýinetorgperson
• User Object Filter:Ìý(objectclass=inetorgperson)
• Account Disabled Attribute:Ìýpwdlock
• Account Disabled Value:Ìýtrue
• Password Attribute:Ìýuserpassword

Group

• Group Search Base:Ìýou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
• Group Object Class:Ìýgroupofnames
• Group Object Filter:Ìý(objectclass=groupofnames)
• Member Attribute:Ìýmember
• User Attribute:Ìýmemberof

Role

• Object Class:Ìýgroupofnames
• Membership Attribute:Ìýmemberof

Validating Configurations

• Okta username format: email
• Example username: [email protected]

Example of  a Successfully Validated Configuration

Importing Users into Okta from ºÚÁϺ£½Ç91Èë¿Ú via LDAP

Once you've configured Okta LDAP's Directory Integration and LDAP Agents, the next step is to import Users from ºÚÁϺ£½Ç91Èë¿Ú. 

To import users into Okta from ºÚÁϺ£½Ç91Èë¿Ú:Ìý

1. Navigate to Directory Integrations and select the newly configured LDAP Directory Integration you've just configured in the steps above. 
2. Select the Import ³Ù²¹²ú.Ìý
3. Click Import Now.
4. A pop up modal will appear, allowing you to select Incremental or Full. This will be based on how you would like to import users. To start or test the import, select Incremental.Ìý
5. Click Import.
6. You'll see the number of Users and Groups that have been scanned from your ºÚÁϺ£½Ç91Èë¿Ú organization that have been bound to ºÚÁϺ£½Ç91Èë¿Ú LDAP.
7. You can then select the users you'd like to import into Okta from ºÚÁϺ£½Ç91Èë¿Ú from this list. 
8. When you're ready to import these selected users, select Confirm Assignments.

Once you've imported your users from ºÚÁϺ£½Ç91Èë¿Ú into Okta via LDAP, you should see these Users within the People tab within the Okta LDAP Directory Integration within Okta's admin portal.

Troubleshooting

If the error Could not find a value for the BaseSubstitutionProperty on the User result is received, perform the following steps to resolve:

1. During initial configuration, remove the memberOf value for the Groups > User Attribute configuration and leave the field blank.
2. After the configuration is successfully saved, this value may then be re-input as per the configuration listed below.
3. If the verification test continues to fail after replacing the memberOf attribute within the configuration, then confirm that your LDAP Users have been associated with an LDAP-enabled group as the query performed by Okta requires the attribute to be present in the user object during the verification.