Modern Workplace and Management with the efficiency of pure Cloud – Part 2 (Okta Integration)

Integration of Okta

To integrate Okta in the environment as the leading iDP and to provisioning user and groups from Okta to Workspace ONE, we have to do some preparation. We need a directory of type custom which we will create with Postman (www.postman.com) and a Remote Access Client in Workspace ONE Access. Additionally, an OAuth Bearer Token is necessary. In the created directory the users from the Okta universal directory will be provisioned to via the Okta SCIM adapter.

Create Remote App Access Client in Workspace ONE Access

To be able to do that, we Log into the Workspace ONE Access console:

  • Log into the Workspace ONE Access administration portal
  • Click Catalog tab
  • Choose settings
  • Click the tab Remote App Access
  • Click Create Client
  • Access Type = Service Client Token
  • Client ID = enter a unique name (OktaSCIM for instance)
  • Expand the advanced options
  • Click Generate Shared Secret (save it to a textfile you will need it later)
  • Change the time value of Access Token-Time-to-Live (TTL) from days to years
    • That is the timeframe in which you have to update the configuration within Okta
  • Click Add

Generate OAuth Bearer Token – Postman

After you´ve created the Remote Access Client, we will generate a OAtuh Bearer token via Postman.

Under the key authorization in the value column, you should see your Bearer Token. If not, please go back to the authorization tab and choose your Bearer Token from the pulldown menu.

In worst case if it don´t works as expected, repeat the creation of the Bearer Token.

Creation of a Directory of type other in Workspace ONE Access

To provision users from Okta Universal Directory to Workspace ONE Access you have to or should create a Directory to synchronize to.

For that we use Postman again.

Under the Headers tab, add in the key column Content-Type and put in the Valuecolumn for it: application/vnd.vmware.horizon.manager.connector.management.directory.other+json

(If content-type don´t exist, start typing in the column key and choose it from the pulldown menu.

Now switch to the Body tab and use a syntax like this:

Example

{   
"type":"OTHER_DIRECTORY",   
"domains":["OKTA.COM"],   
"name":"Okta Universal Directory"
}

Please pay attention to the correct syntax. Often is an issue if you copy and paste like instead of . Then the command will not work. The OKTA.COM is only a domain example, set it to anything you want but be sure it is unique within your environment!

Caution: If you plan to integrate with Microsoft Azure AD and wants to provision users through all systems including Azure to use one account and password through all your systems and devices, then put in your primary domain here or create a new one for domain federation which you can use here. That will be covert in a later chapter.

As a result, you should get like this:

42 Total Views 2 Views Today
twitterlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *