LDAP Mapping and Configuration Settings for Okta LDAP > Jamf

Okta-Jamf-LDAPSettings.txt

LDAP Servers

Connection --
Directory Service: Configure Manually
Server and Port: company.ldap.okta<preview>.com : 636
Use SSL: True
Authentication Type: Simple
Distinguished Username: [email protected],dc=company,dc=okta<preview>,dc=com
Use Wildcards when Searching: True

User Mappings:
Object Class: inetOrgPerson
Search Base: ou=users,dc=company,dc=okta<preview>,dc=com
User ID: uid
Username: uid
Real Name: cn
Email Address: uid
Department: department
Building: o
Position: title
User UUID: entryUUID

Group Mappings:
Object Class: groupofUniqueNames
Search Base: ou=groups,dc=company,dc=okta<preview>,dc=com
Search Scope: All Subtrees
Group ID: uniqueIdentifier
Group Name: cn
Group UUID: entryUUID

User Group Membership Mappings:
Membership Location: Group Object
Member User Mapping: UniqueMember
Use distinguished name of member user when searching the LDAP directory: Enabled
Use the LDAP compare operation when searching the LDAP directory: Disabled
Include member user mapping in returning attributes: Disabled

If you experience issues with OKTA LDAP users being unable to sign into Self Service and/or OKTA LDAP Group users being instantly signed out of JAMF Pro changing

Users Mappings from User UUID: objectGUID to User UUID: uid

If you experience issues with OKTA LDAP users being unable to sign into Self Service and/or OKTA LDAP Group users being instantly signed out of JAMF Pro changing

Users Mappings from User UUID: objectGUID to User UUID: uid

Thanks, seems this is now the correct way to map these. Updated to reflect the changes.

What field does Building map to in Okta?

Building: o

I have seen 3 different inputs for Group UUID:

1. entryUUID
2. objectGUID
3. uid

I see you have entryUUID. I am not sure which one is correct. Have you seen this?