Brand new to Okta, but not to Identity SaaS. I've just setup an internal LDAP to trial Okta. CentOS 6.4 with IBM Tivoli Directory Server 6.3. Setup the LDAP and created some inetorgperson users. Tested authentiction against those users locally and they work as expected.
Installed the Okta LDAP agent and followed through the instructtions. Everything completed correctly. Configured the LDAP settings in the Okta Admin console, and the test configuration process returns success.
If I try to log into Okta with one of those users, I get an authentication failure. Checking the Okta logs shows the authentication failure but it also reports that it has imported that user. The People tab in the Directories section is still empty.
The password is stored in the LDAP in clear text, but I've tried various hash settings as well with no joy.
Is there something I'm missing ? Why the authentication failures ?
The documentation states to import the users, go to: 1.Go to Directory > Directory Integrations > <your LDAP instance>. 2.Click the Import tab. 3.Click Import Now.
I don't have an Import tab. Agents. People and Settings are all I have.
I've had tried to setup so the users are imported on their first authentication. Under LDAP > Import Settings, the "Create Okta user on First Sign-In" is active. It's description is;
"An LDAP user's Okta account is created the first time they sign into Okta with their LDAP credentials. Your LDAP agents must be active for activation to complete successfully."
So I need to authenticate with a user, and it should be imported at that point. Which brings me back to my original issue of the userid and password that work locally are not working when authenticating through Okta.
I'll dig into the LDAP logs to see what's going on that side, but how can I get more information out of Okta other than just "authentication failure" ?
Just resolved it. In LDAP > Import settings the "Okta username format" was set to email. I set it to UID ( which I've configured to be the same as email ) and it worked just fine. I'm going to play around with the hash settings now to see what works and what doesn't.
Still doesn't answer why I can't manuall import users though ?