About
LDAP (Lightweight Directory Access Protocol) is an application protocol used to look up authentication data of users or user groups stored on LDAP directory servers when authenticating user access.
Okta is a cloud identity management system used to access both cloud and on-premises applications.
If your organization uses Okta for LDAP authentication, you can configure Zephyr Enterprise to allow Okta users to access it.
The image below demonstrates the authentication procedure:
Configure Zephyr
To configure Zephyr to work with Okta:
1. Log in to Zephyr as an administrator.
2. Go to Administration > Authentication and select LDAP from the Authentication System drop-down menu:
3. Fill in the fields. The settings you specify on this screen vary depending on the application you use. In our example, we use the following connection info:
Setting | Value | Example |
---|---|---|
Select Directory | Apache Directory Server 1.0.x | |
LDAP Host | The host name of the LDAP server you access through Okta, in the form <org_subdomain>.ldap.<domain>.com, where <domain> is either oktapreview, okta, or okta-emea. | ldaps://xyz.ldap.okta.com |
Base DN | The root location where the application will start searching for users and groups. [<ou=users or groups>],<dc=org_subdomain>,dc=<domain>,dc=com where <domain> is either oktapreview, okta, or okta-emea. | dc=xyz,dc=okta,dc=com |
Search Attribute | uid. The search attribute to use when loading the username. uid means user ID. | uid |
Bind DN | The distinguished name used to connect to the LDAP server. uid=<username>,<dc=org_subdomain>,dc=<domain>,dc=com where <domain> is either oktapreview, okta, or okta-emea. Note: Must be an admin, but can be a Read-Only admin. | uid=abc,dc=xyz,dc=okta,dc=com |
Bind Password | The admin user’s password used to connect to the LDAP server. | password |
Username | The username of the sample user used to test authentication. | abc@xyz.com |
Password | The password of the sample user used to test authentication. | password |
4. Specify advanced settings. The settings become available once you select Apache Directory Server 1.0.x in the Select Directory field:
Populate the fields using the values listed in the table below:
Setting | Value |
---|---|
Search Attribute | uid |
User Object class | inetOrgPerson |
User Object Filter | (objectClass=inetOrgPerson) |
User First Name Attribute | givenName |
User Last Name Attribute | sn |
User Email Attribute | |
Group Object Class | groupofUniqueNames |
Group Object Filter | (objectClass=groupOfUniqueNames) |
Group Name Attribute | cn |
Group Description Attribute | description |
Group Members Attribute | uniqueMember |
User Members Attribute | memberOf. Note: memberOf is not an indexed value. Using memberOf will result in slow search time. |
5. Click Save to apply the changes.
Now you can connect to Zephyr by using Okta.
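The table in step 3 derives every connection value from the Okta org subdomain and domain, so the values can be checked before they are saved. The Python sketch below is an added example, not part of Zephyr or Okta: the function names are hypothetical, it assumes LDAPS is required as in the page's example, and its sample input reuses the page's example values.

```python
from urllib.parse import urlparse

OKTA_DOMAINS = ("okta", "oktapreview", "okta-emea")  # domains named in the table

def expected_settings(org_subdomain, domain, bind_user):
    """Values the table's patterns produce for one Okta org."""
    if domain not in OKTA_DOMAINS:
        raise ValueError(f"domain must be one of {OKTA_DOMAINS}")
    root = f"dc={org_subdomain},dc={domain},dc=com"
    return {
        "LDAP Host": f"ldaps://{org_subdomain}.ldap.{domain}.com",
        "Base DN": root,
        "Search Attribute": "uid",
        "Bind DN": f"uid={bind_user},{root}",
    }

def normalize_dn(dn):
    """Case-fold and trim each RDN; assumes no escaped commas in values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_settings(entered, org_subdomain, domain, bind_user):
    """Return a list of problems in the values about to be typed into Zephyr."""
    want = expected_settings(org_subdomain, domain, bind_user)
    problems = []
    url = urlparse(entered.get("LDAP Host", ""))
    if url.scheme != "ldaps":  # assumption: require LDAPS, as in the page's example
        problems.append("LDAP Host: use ldaps:// so the bind password travels over TLS")
    want_host = urlparse(want["LDAP Host"]).hostname
    if url.hostname != want_host:
        problems.append(f"LDAP Host: expected {want_host}")
    base, root = normalize_dn(entered.get("Base DN", "")), normalize_dn(want["Base DN"])
    prefix = base[: -len(root)].rstrip(",") if base.endswith(root) else None
    if prefix not in ("", "ou=users", "ou=groups"):  # optional ou= part of the pattern
        problems.append(f"Base DN: expected [ou=users|ou=groups,]{root}")
    if normalize_dn(entered.get("Bind DN", "")) != normalize_dn(want["Bind DN"]):
        problems.append(f"Bind DN: expected {want['Bind DN']}")
    if entered.get("Search Attribute") != "uid":
        problems.append("Search Attribute: expected uid")
    return problems

# Constructed sample: the page's example values, which should pass cleanly.
PAGE_EXAMPLE = {
    "LDAP Host": "ldaps://xyz.ldap.okta.com",
    "Base DN": "dc=xyz,dc=okta,dc=com",
    "Search Attribute": "uid",
    "Bind DN": "uid=abc,dc=xyz,dc=okta,dc=com",
}
if __name__ == "__main__":
    print(check_settings(PAGE_EXAMPLE, "xyz", "okta", "abc") or "settings match")
```

An empty list means the entered values follow the table's patterns; it does not confirm that the bind account exists or that its password is correct.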
See Also
Authentication
SSO Setup with Okta in Zephyr
SSO Setup with Azure AD in Zephyr