Okta – Installing the Okta LDAP Agent

Okta allows companies to connect to their LDAP directory in order to provide users for Cloud SSO operations. The first step is to install the LDAP Agent; the steps below complete the installation.

1. Download the Okta LDAP Agent to the server that will function as the LDAP Agent proxy.

2. Once the Okta LDAP Agent is downloaded, start the installation. Click Next on the initial page.

3. Review the Okta LDAP Agent agreement and click Next.

4. Specify the folder location where the Okta LDAP Agent will be installed and click Next.

5. The Okta LDAP Agent will start installing the files. Wait until it is completed.

6. Once completed, you need to configure your LDAP parameters. For these steps we will connect Okta with JumpCloud, which is a DaaS (Directory as a Service).

7. Complete the parameters and click Next. The Okta LDAP Agent will continue the setup.

8. Now you can configure the Okta LDAP Agent proxy server. You can skip this step if you are planning to use a direct connection.

9. Now enter the values corresponding to your company's Okta organization URL and click Next.

10. The Okta LDAP Agent will redirect you to authenticate to your Okta organization. Enter admin credentials and click Sign In.

11. The Okta LDAP Agent will ask for permission for the agent. Click Allow Access.

12. Now the Okta LDAP Agent will register the agent in your Okta organization.

13. Once the Okta LDAP Agent registration is completed, the agent installation is complete. Click Finish.

14. The Okta LDAP Agent will display a form showing that the LDAP agent has started.

15. At this point the Okta LDAP Agent is installed and registered in your Okta organization. Now you can proceed with the configuration steps. Below is a screen from within your Okta organization that confirms the Okta LDAP Agent was installed.

We will continue this post later with the configuration steps, using JumpCloud LDAP capabilities.

 

JumpCloud System – User bindings for windows systems


1. JumpCloud's cloud IDaaS solution allows you to add Windows systems using an agent installed on them. Once the system exists within JumpCloud, you have to configure the user. Go to the System option and select the system; from here, select the user you want to allow to access the Windows system and choose whether to allow access as a Standard User or Administrator.

2. Once JumpCloud saves the changes, you can remotely access the server with the user.

3. You should now be logged in to the Windows system. If you go to the Control Panel, you can verify that the user account now exists.

 

 

What service is installed in Windows systems using JumpCloud?


As part of the integration for Windows systems, an agent is required to be installed.

JumpCloud agent manages local user accounts and allows you to remotely control your systems.

Display name: JumpCloud Agent
Service name: jumpcloud-agent
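
The service can also be checked from PowerShell using the service name listed above. This is an added example, not part of the original post or JumpCloud's own tooling; the function name Test-AgentService is hypothetical, and the pass criteria (service running, automatic start, validly signed binary) are assumptions of this check.

```powershell
# Added example: audit the JumpCloud agent service on a Windows host.
# The service name comes from the post; the "Healthy" criteria below are
# assumptions of this check, not JumpCloud guidance.
$ServiceName = 'jumpcloud-agent'

function Test-AgentService {
    param([string]$Name)

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) {
        return [pscustomobject]@{ Name = $Name; Installed = $false; Healthy = $false }
    }

    # PathName may be quoted and may carry arguments; keep only the executable path.
    $exe = $svc.PathName
    if ($exe -match '^\s*"([^"]+)"') {
        $exe = $Matches[1]
    } elseif ($exe -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
    }

    # Check the Authenticode signature of the binary the service actually runs.
    $sig = $null
    if (Test-Path -LiteralPath $exe) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
    }

    [pscustomobject]@{
        Name        = $svc.Name
        DisplayName = $svc.DisplayName   # the post lists "JumpCloud Agent"
        Installed   = $true
        State       = $svc.State         # e.g. Running / Stopped
        StartMode   = $svc.StartMode     # e.g. Auto / Manual / Disabled
        RunsAs      = $svc.StartName     # account the service runs under
        Binary      = $exe
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        Healthy     = ($svc.State -eq 'Running' -and
                       $svc.StartMode -eq 'Auto' -and
                       $sig.Status -eq 'Valid')
    }
}

Test-AgentService -Name $ServiceName | Format-List
```

Because the agent manages local user accounts, the RunsAs and Signer fields are worth recording as a baseline so that a later change to the service account or binary stands out.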

Below is the screenshot of the Windows service installed by JumpCloud.

JumpCloud Add New System

Systems in JumpCloud are Windows, Mac, and Linux hosts on which you can install a JumpCloud agent and start managing them.

Adding a new system in JumpCloud requires 2 steps:

1. Install a JumpCloud agent on the system
2. Add New System in the JumpCloud Admin Console

The steps follow, with screenshots:

1. On the system to be managed by JumpCloud, log in to the Admin Console and download the JumpCloud Agent corresponding to your environment (Windows, Mac or Linux). Copy the JumpCloud Connect key, which will be used later in the agent installation screen.

2. Once the JumpCloud agent is downloaded to the system, proceed with the installation.

3. Click Next in the JumpCloud destination location screen.

4. As part of the JumpCloud agent installation, the Visual C++ dependency will be installed.

5. Click Yes to allow the JumpCloud agent to download the Visual C++ requirement.

6. Now JumpCloud requires you to enter the JumpCloud Connect key; this is the value you got when the agent was downloaded.

7. Wait for the JumpCloud registration screen to run the Connect key authorization process.

8. Now the JumpCloud installation is completed and your system should be ready and added in the JumpCloud Admin Console.

9. Log in to the JumpCloud Admin Console and verify the system is now added.

 

JumpCloud Add Custom Attribute


JumpCloud allows you to extend its directory schema by adding Custom Attributes. Below are the steps, with screenshots, to add a custom attribute for a PersonalEmail.

1. After creating a new user in JumpCloud, edit the user again, go to the Attributes navigation tab and click +add attribute.

2. Add the custom attribute and value.

JumpCloud custom attributes need to be added manually for each user, which might cause some manual work for any company using this solution. The good news is that in a future release JumpCloud will support additional features for Custom Attributes. Take a look at the following JumpCloud reference: https://jumpcloud.com/engineering-blog/product-update-introducing-attributes-phase-1-ui-updates/

Self-Service in JumpCloud

JumpCloud is known as a Directory-as-a-Service solution that provides cloud identity management. Once the identity is created, the user can access the self-service portal and modify some information or access their predefined cloud applications.

Below are JumpCloud screenshots showing what the self-service screen looks like:

1.- The user needs to go to the JumpCloud self-service URL https://console.jumpcloud.com/userconsole/login and select the User Login navigation tab in the JumpCloud screen.

2.- The user needs to enter their email address and password. This is the information created for the JumpCloud administrator and that belongs to your company; in our case it is firstname.lastname@cloud-iam.com

3.- After successfully logging in to the JumpCloud portal, the user will see the information on the screen and be able to modify it.

Some of the fields that can be modified are:

Email
Mobile
Work Mobile
Home Phone
Work Phone
Work Fax
Work Address
Home Address

If additional fields are required for your company, JumpCloud allows you to add custom fields.

 

 

 

 

JumpCloud adding a new user

JumpCloud is a Directory-as-a-Service offering that allows you to create new identities in the cloud for your company.

Below are the steps to add a new user:

1. Log in as administrator using the following URL: https://console.jumpcloud.com/login

2. Click the + symbol and complete the required fields.

3. Click Save and you should be able to see the user previously created.

Cloud Identity and Access Management invites you to learn more about JumpCloud on their website at https://jumpcloud.com/daas-product/index