MicroStrategy ONE

Install and Configure the MicroStrategy Identity Agent for Okta

  1. On the machine where you want to install the Identity Agent for Okta, run the Identity Agent installation file as an administrator: right-click okta_installer.exe and select Run as administrator.
  2. Review the information on the Welcome screen and click Next.
  3. After you accept the license agreement, click Next.
  4. Click Finish to close the installation wizard. The Identity Agent Provisioning Tool (APT) opens.

    If the APT does not open automatically when you finish installing the Identity Agent, you can open it from its file location. To navigate to the default file location, click the Windows Start button, click All Programs, and expand the Identity Agent for Okta folder. Right-click Config Identity Agent for Okta GUI and select Run as administrator.

  5. In the APT, select Register new agent and click Next.
  6. In the first dialog window, to register the initial connection between MicroStrategy Identity Server and the Identity Agent, do the following:
    1. In the MicroStrategy Identity Server URL (One-way SSL) field, enter the URL provided by Identity Manager, as described in To Register your Identity Agent in MicroStrategy Identity Manager.
    2. If the Agent will be installed within a network protected by a proxy, you must add the proxy information to the Agent.
      • Click the drop-down menu next to Is the network protected by proxy or firewall? and choose Proxy.
      • Provide the proxy host, port, username, and password.
    3. If MicroStrategy Identity Server is installed in your IT infrastructure, you must add its Certificate Authority (CA) chain to the Identity Agent's CA trust store. If the chain contains more than one certificate, each one must be imported individually.
      • Click the drop-down menu next to Is MicroStrategy Identity Server CA included in truststore? and choose No.
      • Click Add CA to truststore.
      • Enter an Alias for the CA certificate. Existing CA names should not be used.
      • In the Certificate Path field, enter the path to the CA certificate, or click Browse to navigate to the file.
      • Click Add to import the certificate into the trust store.
    4. In the CSR file path field, enter the path to the CSR, or click Browse to navigate to the file.
    5. In the Registration code field, enter the code provided by Identity Manager, as described in Create a Certificate Signing Request in Okta. If the registration code has expired, click the refresh icon in Identity Manager to acquire a new code.
  7. Click Submit to go to the next dialog window.
  8. In the second dialog window, set up the connection between MicroStrategy Identity Gateway and the Identity Agent:
    1. The Organization ID and Application ID are prepopulated from the initial connection to MicroStrategy Identity Server. The Application ID should match the Agent ID provided by Identity Manager, as described in To register your Identity Agent in MicroStrategy Identity Manager.
    2. In the Private key path field, enter the path to the private key, or click Browse to navigate to the file.
    3. The Gateway URL is prepopulated from the initial connection to MicroStrategy Identity Server.
    4. If MicroStrategy Identity Gateway is installed in your IT infrastructure and uses a different CA than MicroStrategy Identity Server, you must add its CA chain to the Identity Agent's CA trust store. If the chain contains more than one certificate, each one must be imported individually. See step 3c for instructions.
    5. Ensure that Okta agent is selected in the drop-down menu next to Please choose the agent adapter type.
    6. You can display a profile photo on each user's MicroStrategy Badge, as described in Including Profile Photos in Okta. If the URL used to access Okta user photos requires authentication, you must provide credentials to the Agent to access photo files.
      • Click the drop-down menu next to Does your photo URL need authentication? and choose Yes.
      • Provide the username and password.
  9. Click Next to go to the next dialog window.
  10. In the third dialog window, to set up the connection between the Identity Agent and your Okta server, do the following:

    • In the Okta server URL (Two-way SSL) field, enter the Okta server URL. This value is available in the "Welcome to Okta - Account Activation" email you should have received when registering an account with Okta. The server URL is also used when accessing your Okta account.
    • In the Okta access token field, enter the Okta access token.

      For information about how to generate this token, see https://developer.okta.com/docs/api/getting_started/getting_a_token.html.

  11. Click Submit. The Identity Agent tests the connection with your Okta server and completes its configuration.
  12. In the confirmation pop-up, click OK. The APT will close automatically.
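
Sub-step 3 of step 6 and sub-step 4 of step 8 require every certificate in a CA chain to be imported individually under an alias that is not already in use. The following added example (not MicroStrategy code) splits a PEM bundle into single-certificate entries, drops exact duplicates, and gives each a unique alias and a SHA-256 fingerprint to compare against the value published by the CA's owner. The alias prefix and the sample bundle are assumptions; the sample bodies are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block, including its BEGIN/END armor lines.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def split_chain(bundle_text, alias_prefix="idserver-ca"):
    """Split a PEM bundle into single-certificate entries.

    Returns a list of dicts holding a unique alias, the SHA-256 fingerprint
    of the DER bytes, and the single-certificate PEM text to save and import.
    Exact duplicates are dropped; a corrupt block raises ValueError.
    """
    entries, seen = [], set()
    for index, match in enumerate(PEM_CERT.finditer(bundle_text), start=1):
        body = "".join(match.group(1).split())  # strip line breaks and spaces
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:
            raise ValueError(f"certificate block {index} is not valid base64") from exc
        fingerprint = hashlib.sha256(der).hexdigest()
        if fingerprint in seen:  # same certificate pasted twice in the bundle
            continue
        seen.add(fingerprint)
        wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
        entries.append({
            "alias": f"{alias_prefix}-{len(entries) + 1}",  # hypothetical naming scheme
            "sha256": fingerprint,
            "pem": f"-----BEGIN CERTIFICATE-----\n{wrapped}\n-----END CERTIFICATE-----\n",
        })
    if not entries:
        raise ValueError("no PEM certificate blocks found")
    return entries


def _fake_pem(payload):
    # Constructed placeholder bytes, not a real X.509 certificate.
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed sample bundle: intermediate, root, and the root pasted twice.
SAMPLE_BUNDLE = _fake_pem(b"intermediate-ca" * 8) + _fake_pem(b"root-ca" * 8) * 2

if __name__ == "__main__":
    for entry in split_chain(SAMPLE_BUNDLE):
        print(entry["alias"], entry["sha256"])
```

Write each entry's `pem` value to its own file and supply that file in the Certificate Path field, using the generated alias only if it does not collide with a name already in the trust store.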

Next, Add Okta Information to MicroStrategy Identity and Synchronize Users.