Mapping Active Directory, LDAP, and Workday Values in a Template SAML or WS Fed Applications
Published: Sep 14, 2017   -   Updated: Jun 22, 2018

 

 


When you integrate Okta with third-party SAML 2.0 service providers using the Template SAML 2.0 application, you can now map Active Directory, LDAP, and Workday user values to SAML attributes. In addition to the standard Okta profile attributes (First Name, Last Name, Email, and Okta Username), you can use additional attributes that have been pulled into Okta from Workday, Active Directory, and other LDAP directories.

To configure your Template SAML 2.0 application, perform the following steps:

  1. From the Administrator Dashboard, select Applications and click the Add Applications button.

  2. Enter Template SAML 2.0 App in the search field and select it.

  3. Select the Sign On tab and click the SAML 2.0 setup instructions for Template SAML 2.0 App link.

    Note: For a list of the supported values, select the Active Directory, LDAP, or Workday link on this page.

    [Screenshot: mapping_ad1]

  4. Identify the instanceId for the repository you want to use. The instanceIds of all configured Active Directory, LDAP, and Workday instances are listed on your screen. For example, in the screenshot below, you can see an LDAP instance with the ID of "0oa1npu9k2M2FZAGTMPV". Use that instanceId for each attribute referenced in the mapping.

    [Screenshot: mapping_ad2]

  5. On the General tab of the Template SAML 2.0 app, configure the attribute statement field to map user values to SAML attributes. For each repository type (Active Directory, LDAP, and Workday), the attribute names and lists are slightly different. Make sure you use the corresponding attribute names for your repository. The Application Specific Attributes section provides a list of the Active Directory, LDAP, and Workday attribute names and formats that are available.

    Note: A SAML attribute can contain a maximum of 1024 characters. The attribute formatting information is not required. If you run out of space in this attribute statement, try removing the format statement for each attribute; for example, urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified.

    [Screenshot: mapping_ad3]
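
A check from the service-provider side of the mapping configured above, added here as an example and not taken from Okta's documentation: it reads the AttributeStatement of a received assertion, treats a missing NameFormat as unspecified (the SAML 2.0 default, which is why the format statement can be dropped), and reports mapped attributes that are absent or empty. The sample XML and the attribute names firstName, department, title and email are constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

# Constructed AttributeStatement; attribute names and values are made up.
SAMPLE = f"""
<saml:AttributeStatement xmlns:saml="{SAML_NS}">
  <saml:Attribute Name="firstName" NameFormat="{UNSPECIFIED}">
    <saml:AttributeValue>Ada</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="department">
    <saml:AttributeValue>Engineering</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="title">
    <saml:AttributeValue></saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def read_attributes(xml_text):
    """Return {name: (effective NameFormat, [values])} for every saml:Attribute.

    Intended for an assertion whose signature the service provider has
    already verified; this function does no signature checking itself.
    """
    root = ET.fromstring(xml_text)
    result = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        # SAML 2.0 core: when NameFormat is omitted, "unspecified" is in effect.
        fmt = attr.get("NameFormat", UNSPECIFIED)
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        result[attr.get("Name")] = (fmt, values)
    return result

def audit(xml_text, expected_names):
    """Report expected attributes that are absent or carry only empty values."""
    attrs = read_attributes(xml_text)
    problems = []
    for name in expected_names:
        if name not in attrs:
            problems.append(f"missing attribute: {name}")
        elif not any(attrs[name][1]):
            problems.append(f"empty attribute: {name}")
    return problems

if __name__ == "__main__":
    for name, (fmt, values) in read_attributes(SAMPLE).items():
        print(name, fmt, values)
    print(audit(SAMPLE, ["firstName", "department", "title", "email"]))
```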
