
arvind.maheshwari1.5266640699722004E12 (Customer) asked a question.
Our current SharePoint farm is using Windows Claim Based Authentication. Now we are planning to convert the farm to use OKTA for authentication and authorization.
We have run scripts for setting up OKTA as a Trusted Token Provider and also set Email as the Claim Provider. We also converted users from Windows claim to OKTA claim to maintain user access.
The issue is that we have several sites where users have added AD groups for authentication purposes. Our first approach was creating Global groups in OKTA with these users and replacing the AD groups with the new groups. After doing an audit of the current farm we found there are more than 500 different AD groups used in the farm. Converting all those groups and maintaining them in the future will be an issue.
To overcome this issue we are thinking of using OKTA only for authentication. Can anyone give us direction on how to use OKTA only for authentication and leave authorization with AD?
Let me know if any clarifications are needed.

Hi Arvind,
You can use the Okta People Picker to extend the permissions check to the group membership of the user.
Below is our guide on setting up on-premises SharePoint with Okta, which offers extensive details for this configuration.
https://support.okta.com/help/s/article/Microsoft-SharePoint-On-Premises-Deployment-Guide
https://docs.microsoft.com/en-us/SharePoint/administration/people-picker-and-claims-providers-overview

Hi Alin,
Will extending the OKTA People Picker to include AD groups also change authorization for SharePoint?