Configure Okta
SAML
- Create an application, but be sure to include an attribute named ID and map it to user.id
LDAP
- Enable LDAP Directory Integration
Configure Mattermost
SAML Settings
See the existing Okta documentation. Be sure to set the ID Attribute to the attribute you configured to carry user.id.
LDAP Settings
Replace example with the Okta organization name:
Server
- LdapServer: example.ldap.okta.com
- LdapPort: 636
- ConnectionSecurity: TLS
- BaseDN: dc=example, dc=okta, dc=com
- BindUsername: uid=admin@example.com, dc=example, dc=okta, dc=com
- UserFilter: (objectClass=inetOrgPerson)
- GroupFilter: (objectClass=groupofUniqueNames)
Group Attribute Settings
- GroupDisplayNameAttribute: cn
- GroupIdAttribute: uniqueIdentifier <- IMPORTANT
User Attribute Settings
- FirstNameAttribute: givenName
- LastNameAttribute: sn
- EmailAttribute: mail
- UsernameAttribute: uid
- IdAttribute: uniqueIdentifier <- IMPORTANT
The uniqueIdentifier attribute is what allows LDAP sync to link to SAML users: the value of the LDAP ID attribute must match the value of the ID attribute configured in the SAML settings. If those values do not match, users will be deactivated during sync.
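Because a mismatch between the two ID attributes deactivates users on the next sync, it is worth checking the settings and the actual attribute values before enabling LDAP sync. The following added example (constructed here; not Mattermost's or Okta's own code) models the rule stated above against in-memory records. It assumes the Okta SAML attribute mapped to user.id is named ID, that Mattermost compares the two values as exact strings, that a SAML user with no LDAP entry counts as a mismatch, and that the config.json key names mirror the settings listed on this page; the user records are constructed sample data.

```python
"""Pre-flight check for the Okta LDAP / SAML ID-attribute rule described above.

Added, constructed example: not Mattermost's or Okta's own code. It models the
rule on the page (LDAP IdAttribute value == SAML ID attribute value, otherwise the
user is deactivated on sync) against in-memory records, so it runs offline.
"""
from typing import Optional

# Constructed Mattermost config fragment mirroring the settings on this page.
# "ID" as the SAML attribute name is an assumption (the page maps it to user.id
# but does not name it).
MATTERMOST_CONFIG = {
    "LdapSettings": {
        "LdapServer": "example.ldap.okta.com",
        "LdapPort": 636,
        "ConnectionSecurity": "TLS",
        "BaseDN": "dc=example, dc=okta, dc=com",
        "BindUsername": "uid=admin@example.com, dc=example, dc=okta, dc=com",
        "UserFilter": "(objectClass=inetOrgPerson)",
        "GroupFilter": "(objectClass=groupofUniqueNames)",
        "GroupDisplayNameAttribute": "cn",
        "GroupIdAttribute": "uniqueIdentifier",
        "FirstNameAttribute": "givenName",
        "LastNameAttribute": "sn",
        "EmailAttribute": "mail",
        "UsernameAttribute": "uid",
        "IdAttribute": "uniqueIdentifier",
    },
    "SamlSettings": {
        "IdAttribute": "ID",
        "EmailAttribute": "Email",
    },
}


def check_config(cfg: dict) -> list:
    """Return configuration problems; an empty list means the settings agree with the page."""
    ldap, saml = cfg["LdapSettings"], cfg["SamlSettings"]
    problems = []
    if ldap.get("IdAttribute") != "uniqueIdentifier":
        problems.append("LdapSettings.IdAttribute must be uniqueIdentifier")
    if ldap.get("GroupIdAttribute") != "uniqueIdentifier":
        problems.append("LdapSettings.GroupIdAttribute must be uniqueIdentifier")
    if not saml.get("IdAttribute"):
        problems.append("SamlSettings.IdAttribute must name the attribute mapped to user.id")
    if ldap.get("ConnectionSecurity") != "TLS" or ldap.get("LdapPort") != 636:
        problems.append("LDAP should use TLS on port 636")
    return problems


# Constructed LDAP entries (hypothetical values) using the attribute names the
# settings above refer to.
LDAP_USERS = [
    {"uid": "alice@example.com", "mail": "alice@example.com", "uniqueIdentifier": "00u1aaa"},
    {"uid": "bob@example.com",   "mail": "bob@example.com",   "uniqueIdentifier": "00u2bbb"},
    {"uid": "carol@example.com", "mail": "carol@example.com", "uniqueIdentifier": "00u3ccc"},
]

# Constructed SAML attribute statements, one per login, keyed by the attribute
# names given in SamlSettings.
SAML_ASSERTIONS = [
    {"Email": "alice@example.com", "ID": "00u1aaa"},  # IDs agree: stays active
    {"Email": "bob@example.com",   "ID": "00U2BBB"},  # same user, case differs: would be deactivated
    {"Email": "dave@example.com",  "ID": "00u4ddd"},  # no LDAP entry: treated as a mismatch here
]


def find_mismatches(cfg: dict, ldap_users: list, saml_assertions: list) -> dict:
    """Join LDAP and SAML records on e-mail and compare the two ID attribute values.

    Returns {email: (ldap_id, saml_id)} for every SAML user whose LDAP ID value is
    absent or differs. Exact, case-sensitive comparison is an assumption.
    """
    ldap_email = cfg["LdapSettings"]["EmailAttribute"]
    ldap_id = cfg["LdapSettings"]["IdAttribute"]
    saml_email = cfg["SamlSettings"]["EmailAttribute"]
    saml_id = cfg["SamlSettings"]["IdAttribute"]

    by_email = {u[ldap_email].lower(): u.get(ldap_id) for u in ldap_users}
    mismatches = {}
    for assertion in saml_assertions:
        email = assertion[saml_email].lower()
        ldap_value: Optional[str] = by_email.get(email)
        saml_value = assertion.get(saml_id)
        if ldap_value is None or ldap_value != saml_value:
            mismatches[email] = (ldap_value, saml_value)
    return mismatches


if __name__ == "__main__":
    for problem in check_config(MATTERMOST_CONFIG):
        print("config:", problem)
    for email, (lv, sv) in find_mismatches(MATTERMOST_CONFIG, LDAP_USERS, SAML_ASSERTIONS).items():
        print(f"{email}: LDAP uniqueIdentifier={lv!r} SAML ID={sv!r} -> would be deactivated on sync")
```

Run it before the first sync: every e-mail it reports is a user whose SAML ID value and LDAP uniqueIdentifier disagree, which is exactly the condition the page says leads to deactivation. With real data you would replace LDAP_USERS with the result of an LDAP search using the UserFilter above and SAML_ASSERTIONS with attribute values captured from test logins.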