Mattermost, Inc.

Setting up Okta LDAP Sync w/ Okta login

Configure Okta

SAML

  1. Create an application, and be sure to add a custom attribute named ID to the application profile and map it to user.id.

LDAP

  1. Enable LDAP Directory Integration

Configure Mattermost

SAML Settings

See the existing Okta documentation. Be sure to set the ID Attribute to the field you configured to carry user.id.

LDAP Settings

Replace "example" in the values below with your Okta organization name:

Server

  • LdapServer: example.ldap.okta.com
  • LdapPort: 636
  • ConnectionSecurity: TLS
  • BaseDN: dc=example, dc=okta, dc=com
  • BindUsername: uid=admin@example.com, dc=example, dc=okta, dc=com
  • UserFilter: (objectClass=inetOrgPerson)
  • GroupFilter: (objectClass=groupofUniqueNames)

Group Attribute Settings

  • GroupDisplayNameAttribute: cn
  • GroupIdAttribute: uniqueIdentifier <- IMPORTANT

User Attribute Settings

  • FirstNameAttribute: givenName
  • LastNameAttribute: sn
  • EmailAttribute: mail
  • UsernameAttribute: uid
  • IdAttribute: uniqueIdentifier <- IMPORTANT

The uniqueIdentifier attribute is what lets LDAP sync line up with SAML logins: the value of the LDAP ID Attribute must match the value of the ID Attribute configured in the SAML settings for each user. If those values do not match, the sync will deactivate the affected users.
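As an added example (not from the original post), a small pre-flight check that reads a Mattermost config.json dictionary and flags the settings this post calls out: the LDAP and SAML IdAttribute values disagreeing, GroupIdAttribute not being uniqueIdentifier, and the connection not being TLS on 636. The key names are Mattermost's LdapSettings/SamlSettings keys; the sample values are constructed placeholders.

```python
import json

# Constructed config.json fragment mirroring the settings in this post.
# "example" stands in for the Okta organization name; nothing here is a real deployment.
SAMPLE_CONFIG = {
    "LdapSettings": {
        "Enable": True,
        "EnableSync": True,
        "LdapServer": "example.ldap.okta.com",
        "LdapPort": 636,
        "ConnectionSecurity": "TLS",
        "BaseDN": "dc=example, dc=okta, dc=com",
        "BindUsername": "uid=admin@example.com, dc=example, dc=okta, dc=com",
        "UserFilter": "(objectClass=inetOrgPerson)",
        "GroupFilter": "(objectClass=groupofUniqueNames)",
        "GroupDisplayNameAttribute": "cn",
        "GroupIdAttribute": "uniqueIdentifier",
        "FirstNameAttribute": "givenName",
        "LastNameAttribute": "sn",
        "EmailAttribute": "mail",
        "UsernameAttribute": "uid",
        "IdAttribute": "uniqueIdentifier",
    },
    "SamlSettings": {"Enable": True, "IdAttribute": "uniqueIdentifier"},
}


def check_okta_sso_config(config: dict) -> list:
    """Return a list of problems found; an empty list means the settings are consistent."""
    problems = []
    ldap = config.get("LdapSettings", {})
    saml = config.get("SamlSettings", {})
    ldap_id = ldap.get("IdAttribute", "")
    saml_id = saml.get("IdAttribute", "")
    # Core point of the post: the two ID attributes must refer to the same value,
    # otherwise LDAP sync deactivates users that logged in via SAML.
    if not ldap_id or not saml_id:
        problems.append("IdAttribute must be set in both LdapSettings and SamlSettings")
    elif ldap_id != saml_id:
        problems.append(f"IdAttribute mismatch: LDAP={ldap_id!r} SAML={saml_id!r}; users would be deactivated on sync")
    if ldap.get("GroupIdAttribute") != "uniqueIdentifier":
        problems.append("GroupIdAttribute should be uniqueIdentifier for Okta LDAP group sync")
    if ldap.get("ConnectionSecurity") != "TLS" or ldap.get("LdapPort") != 636:
        problems.append("Okta LDAP should use ConnectionSecurity=TLS on port 636, not a plaintext bind")
    return problems


def check_config_file(path: str) -> list:
    """Load a config.json from disk and run the same checks."""
    with open(path, encoding="utf-8") as fh:
        return check_okta_sso_config(json.load(fh))
```

Run check_config_file("config.json") against a real server configuration before enabling LDAP sync; an empty result means the three settings above are consistent.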