Setting up Okta LDAP Sync w/ Okta login

Configure Okta


  1. Create an application, but be sure to include the field ID and associate it with


  2. Enable LDAP Directory Integration

Configure Mattermost

SAML Settings

See existing Okta documentation. Be sure to set the ID Attribute to the field you configured to use

LDAP Settings

Replace example with the Okta organization name:


  • LdapServer:
  • LdapPort: 636
  • ConnectionSecurity: TLS
  • BaseDN: dc=example, dc=okta, dc=com
  • BindUsername:, dc=example, dc=okta, dc=com
  • UserFilter: (objectClass=inetOrgPerson)
  • GroupFilter: (objectClass=groupofUniqueNames)

Group Attribute Settings

  • GroupDisplayNameAttribute: cn
  • GroupIdAttribute: uniqueIdentifier <- IMPORTANT

User Attribute Settings

  • FirstNameAttribute: givenName
  • LastNameAttribute: sn
  • EmailAttribute: mail
  • UsernameAttribute: uid
  • IdAttribute: uniqueIdentifier <- IMPORTANT

The uniqueIdentifier attribute is what allows LDAP sync to line up with SAML: the value of the LDAP ID attribute must match the value of the ID attribute configured in the SAML settings. If those values do not match, users will be deactivated.
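A pre-flight check for the mismatch described above, as an added example (not code from Mattermost or Okta): it compares the uniqueIdentifier values in an LDIF export against the ID values the SAML side carries and lists the accounts that would not match. The sample data, the function names, the use of email as the join key, and the exact case-sensitive comparison are all assumptions made for illustration.

```python
import base64

# Constructed sample export (made-up values). bob's ID is base64-encoded ("::").
SAMPLE_LDIF = """\
dn: uid=alice@example.com,ou=users,dc=example,dc=okta,dc=com
mail: alice@example.com
uniqueIdentifier: 00u1aaaaEXAMPLE

dn: uid=bob@example.com,ou=users,dc=example,dc=okta,dc=com
mail: bob@example.com
uniqueIdentifier:: MDB1MmJiYmJFWEFNUExF

dn: uid=carol@example.com,ou=users,dc=example,dc=okta,dc=com
mail: carol@example.com
"""
# Constructed: value the SAML ID Attribute carries for each account, keyed by email.
SAML_IDS = {"alice@example.com": "00u1aaaaEXAMPLE", "bob@example.com": "bob@example.com",
            "carol@example.com": "00u3ccccEXAMPLE", "dave@example.com": "00u4ddddEXAMPLE"}

def parse_ldif(text):
    """One {attribute: value} dict per entry; first value wins, folded lines unsupported."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.strip(), value.strip())
        entries.append(entry)
    return entries

def preflight(entries, saml_ids, id_attr="uniqueIdentifier", key_attr="mail"):
    """Sort SAML accounts by whether the LDAP IdAttribute value would match them."""
    by_key = {e.get(key_attr, "").lower(): e for e in entries}
    report = {"ok": [], "mismatch": [], "missing_id_attr": [], "not_in_ldap": []}
    for email, saml_id in sorted(saml_ids.items()):
        entry = by_key.get(email.lower())
        if entry is None:
            report["not_in_ldap"].append(email)
        elif id_attr not in entry:
            report["missing_id_attr"].append(email)
        elif entry[id_attr] != saml_id:  # assumption: exact, case-sensitive match
            report["mismatch"].append(email)
        else:
            report["ok"].append(email)
    return report

if __name__ == "__main__":
    for status, users in preflight(parse_ldif(SAMPLE_LDIF), SAML_IDS).items():
        print(f"{status}: {', '.join(users) or '-'}")
```

Any account outside the `ok` bucket is one to resolve before enabling sync; the `mismatch` case here models a SAML ID Attribute mapped to email while LDAP uses uniqueIdentifier.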

