![Page 1: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta](https://reader033.vdocuments.us/reader033/viewer/2022050611/5fb20c26b8035b395d0afc27/html5/thumbnails/1.jpg)
ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.
OrgWikiÒActiveDirectoryConfigurationGuideIntroductionThisguideprovidesinstructionsforconfiguringOktawithOrgWikitoallowauthenticationandprovisioningtobedrivingbyyourexistingActiveDirectoryinfrastructure.ThisguideisintendedforcustomerswhosignedupforOktathroughOrgWiki.ExistingcustomersofOktashouldrefertotheOktaConfigurationGuideTheActiveDirectoryintegrationinvolvesthreemainsteps:
1. ConfiguretheintegrationbetweenOktaandOrgWiki-ThisallowsOktatohandleauthenticationforOrgWikiandtoprovideautomatedprovisioning.
2. SetupActiveDirectoryintegrationwithOkta–ConfiguretheOktaActiveDirectoryAgentwithyourADinstanceandsetupprovisioningrulestoenableautomatedprovisioningofADusersintoOrgWiki
3. Setuptheattributemappings–ThesearemappingsbetweenuserattributesinADandOktaandbetweenOktaandOrgWikitoensuretheappropriateADattributesareprovisionedtoOrgWiki
ConfigureIntegrationbetweenOktaandOrgWikiSignupforOrgWikiandOktaathttps://www.theorgwiki.com/embedded_okta.Thefieldsontheregistrationformwillbeusedto:
1. SignupforanewOktaaccount(includesthefirstadminuser)2. AddtheOrgWikiapptotheOktaaccount3. AssignthefirstadminusertotheOrgWikiapp4. SignupforanewOrgWikiaccount5. ConfigureOrgWikitouseOktaforsingle-signonviaSAML
AftertheabovestepshavebeencompletedyouwillbepromptedtologinviaOktaandthenredirectedtoOrgWiki.SetupActiveDirectoryintegrationwithOktaTosetupActiveDirectory,pleasefollowtheinstructionsonInstallingandConfiguringtheActiveDirectoryAgent.Oncethisiscompleted,userandemployeedatawillbeperiodicallysyncedfromADintotheOktadirectory.Oktarecommendsyouusegroupstotriggerauto-provisioning–onceADgroupsareimportedintoOktayouwillassociateuserswithOrgWikiviatheappropriategrouptotriggerauto-provisioning.
![Page 2: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta](https://reader033.vdocuments.us/reader033/viewer/2022050611/5fb20c26b8035b395d0afc27/html5/thumbnails/2.jpg)
ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.
CustomizeAD-OktaattributemappingAkeystepofAD-drivenprovisioninginvolvessettingupattributemappingsfromADintoOktaandthenfromOktatoOrgWiki.UsetheProfileEditortoreviewtheADtoOktamappingsTosetupmappings,intheOktaAdminDashboardyouneedtogotoDirectory->ProfileEditor.SelectyourActiveDirectoryinstanceandclickonMappingstoreviewthecurrentmappings.(Note–youshouldbelookingatthe[AD]toOktamappings.)Bydefault,theOrgWikiusernameissettotheOktausernamewhichdefaultstotheUPN(fromActiveDirectory)oftheuser.OrgWikirequirestheusernamevaluetobetheemailaddressoftheuser.Pleaseensureappuser.emailismappedtotheloginfield
SetupOktaprovisioningtoOrgWikiThefollowinguserattributescanbeprovisionedfromOktatoOrgWiki:DefaultOktaDirectoryattributes:
Attribute Required/Optional CommentsFirstName Required LastName Required Email Required Title Required ManagerID
(emailaddressorIDofmanager)Optional
-Usedforcreatingtheorgchart.-IfIDisuseditneedstomatchthemanager’sExternalId
StreetAddress Optional Setonprofilesandusedforaddingemployeestolocationgroupsandoffices.City Optional
State OptionalCountry OptionalOfficePhone Optional
![Page 3: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta](https://reader033.vdocuments.us/reader033/viewer/2022050611/5fb20c26b8035b395d0afc27/html5/thumbnails/3.jpg)
ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.
MobilePhone Optional Nickname Optional
UserType Optional Ifthevalueis“contractor”theemployeewillbemarkedasacontractorinOrgWiki.
Customattributes:
Attribute Required/Optional CommentsStartDate
(mustbeformattedYYYY-MM-DD) OptionalUsedforschedulingthenewhireannouncementandshowingthetenureofanemployeeontheirprofile.
OrgWikiExternalID Optional UniqueIDforemployeese.g.anemployeeID.
StartDateandOrgWikiExternalIDarecustomattributesthatcanbemappedtoOrgWiki.SeeAppendixAandBformoredetailedonaddingtheseattributes.
• FromtheProvisioningtaboftheOrgWikiapp,checktheEnableprovisioningfeaturesbox(seebelow).
![Page 4: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta](https://reader033.vdocuments.us/reader033/viewer/2022050611/5fb20c26b8035b395d0afc27/html5/thumbnails/4.jpg)
ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.
• IntheAPIAuthenticationsection,clickAuthenticatewithOrgWiki(seebelow).o Note:ThisuserwillbeusedtoprovisionusersintoOrgWiki.
• AmessagewillappearwithoptiontoallowOktatoconnecttoyourOrgWikiinstance.ClickAuthorize(seebelow).
![Page 5: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta](https://reader033.vdocuments.us/reader033/viewer/2022050611/5fb20c26b8035b395d0afc27/html5/thumbnails/5.jpg)
ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.
• NowyourOrgWikiappisauthenticated,scrolldowntheProvisioningpageandselecttheprovisioningfeaturesyouwanttoenable(seebelow).
• ClickNext.CustomizetheattributemappingfromOktatoOrgWikiToeditthemappingsbetweenOktaandOrgWiki,clicktheEditMappingsbuttonunderAttributeMappings,andselecttheOktatoOrgWikitabtoreviewthedefaultmappings.Note–topopulatethemanager’semailaddressintotheOrgWikiManagerIDfieldyoucanusethefollowingexpression:getManagerAppUser(“active_directory”,”active_directory”).email
FormoreinformationonOkta’sexpressionlanguageseehttp://developer.okta.com/reference/okta_expression_language/
![Page 6: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta](https://reader033.vdocuments.us/reader033/viewer/2022050611/5fb20c26b8035b395d0afc27/html5/thumbnails/6.jpg)
ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.
AssigninguserstoOrgWikiYoucannowassignuserstotheOrgWikiapp.Donotassignusersmanuallyifyouhavealargenumberofusers,asthisdoesnotscalewell.Instead,useagroupyou’vesynchronizedfromADorcreateagroupdirectlyinOktaforthepurposeofapplicationassignment.ToassignOrgWikitoaselectedgroup:
• InOkta,fromtheAdminDashboard,selectDirectory>Groups,andthenselectthegroupyouwanttoassignto.
• ClicktheManageAppsbuttontoassignappstothegroup(seebelow).
![Page 7: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta](https://reader033.vdocuments.us/reader033/viewer/2022050611/5fb20c26b8035b395d0afc27/html5/thumbnails/7.jpg)
ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.
• SearchfortheOrgWikiappandclickAssign,thenclickDone(seebelow).
![Page 8: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta](https://reader033.vdocuments.us/reader033/viewer/2022050611/5fb20c26b8035b395d0afc27/html5/thumbnails/8.jpg)
ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.
AppendixA. AddingStartDateAttribute
OrgWikihasaStartDateattributetotheuserprofile.Beforeaddingtheattribute,makesurethedateisformattedcorrectly(YYYY-MM-DD)forOrgWikiusage.Forexample,“2016-01-15”.FollowthestepsbelowtoaddtheStartDateuserattributetotheuserprofile:• InOkta,fromtheAdmindashboard,selectDirectory>ProfileEditor.• SelecttheAppssectionintheleftnavigationbar,thenfindtheOrgWikiappinthelist.• ClickProfilethenclickAddAttribute.
• Type“StartDate”fortheDisplaynamefield.• Type“startDate”fortheVariablenamefield.• ForDescription,type“Employee’sstartdatewiththecompany”.• SelectStringfortheDatatypefield.• YoumayleaveAttributerequiredunchecked.• LeaveScopeunchecked.• ClickAddAttribute.
B. AddingOrgWikiExternalIDAttribute
ThisOrgWikiExternalIDattributecanbeusedtoassociateauniqueIDwithOrgWikiprofiles.FollowthestepsbelowtoaddtheOrgWikiExternalIDuserattributetotheuserprofile:
![Page 9: OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta](https://reader033.vdocuments.us/reader033/viewer/2022050611/5fb20c26b8035b395d0afc27/html5/thumbnails/9.jpg)
ActiveDirectoryConfigurationGuide Ó2016Veeva.Allrightsreserved.
• InOkta,fromtheAdmindashboard,selectDirectory>ProfileEditor.• SelecttheAppssectionintheleftnavigationbar,thenfindtheOrgWikiappinthelist.• ClickProfilethenclickAddAttribute.
• Type“OrgWikiExternalID”fortheDisplaynamefield.• Type“orgwikiExternalId”fortheVariablenamefield.• ForDescription,type“Auniqueidentifierforthisemployee–typicallyusedacross
apps”.• SelectStringfortheDatatypefield.• YoumayleaveAttributerequiredunchecked.• LeaveScopeunchecked.• ClickAddAttribute.