Views:

TMWS requires the following user attributes for user authentication and policy matching:

  • firstName

  • lastName

  • userName

  • email

  • displayName

  • department

  • (Optional) upn

    Note:

    If you allow user authentication using User Principal Name (UPN) on TMWS, add a custom attribute upn in the Okta user profile.

User information on TMWS comes from Okta, while Okta user information comes from itself or a third-party user store, for example, Active Directory or HR management system. If you have a third-party user store, make sure that the required user attributes are already mapped from your user store to Okta. If you create user profiles directly on Okta, ignore this mapping step.

This section describes how to configure and map user profile attributes among your user store, Okta, and TMWS.

  1. Perform the following steps to map profile attributes from your user store to Okta (Take Active Directory as an example):
    1. Go to Directory > Directory Integrations and click your target AD domain. If you have multiple AD domains, configure them one by one.
    2. On the screen that appears, click the Settings tab, scroll down to the Profile Attributes & Mappings section, and then click Edit Mappings.
    3. On the screen that appears, check if the following mappings are applied:

      • firstName

      • lastName

      • userName

      • email

      • displayName

      • department

      • (Optional) upn

    4. If not, configure them and click Save Mappings.

      You can type a valid user account in the Preview text box to check whether the mappings are as expected.

  2. Perform the following steps to configure attributes on TMWS based on values stored in Okta:
    1. Go to Applications > Applications > <your application>, and click the Provisioning tab and then To App.
    2. Scroll down to the <your application> Attribute Mappings section and click Go to Profile Editor.
    3. On the Profile Editor screen that appears, click Mappings.
    4. On the screen that appears, click the <your application> to Okta tab, select Do not map to remove all the mappings one by one, and then click Save Mappings
    5. Optionally perform the following steps to add a custom attribute upn as necessary:

      1. Click Add Attribute.

      2. Configure the attribute as follows: Data type - string, Display name - upn, Variable name - upn, External name - upn, and External namespace - urn:ietf:params:scim:schemas:extension:toTMWS.

      3. Select User personal, and then click Save.

        The upn attribute appears in the attribute list.

    6. On the Profile Editor screen, scroll down to the attribute list and remove the attributes except for the following:

      • userName

      • givenName

      • familyName

      • email

      • displayName

      • department

      • (Optional) upn

  3. Perform the following steps to map each profile attribute from Okta to TMWS:
    1. Click Mappings and on the screen that appears, click the Okta to <your application> tab.
    2. Select an TMWS attribute from the drop-down list, click Apply mapping on user create and update.
    3. Repeat step b to map all the attributes, and then click Save Mappings.
Parent topic: Okta Authentication