update help docs for new directory connector

_articles/directory-connector/azure-active-directory.md

@@ -8,7 +8,7 @@ hidden: false
 tags: []
 ---
 
-This article will cover how to connect the Bitwarden Directory Connector tool to your Azure Active Directory.
+This article will cover how to connect the Bitwarden Directory Connector application to your Azure Active Directory.
 
 ## Requirements
 
@@ -82,7 +82,7 @@ This article will cover how to connect the Bitwarden Directory Connector tool to
 
 ## Configure Directory Connector
 
-1. Launch the Directory Connector desktop application
+1. Launch the Directory Connector desktop application.
 2. Go to the **Settings** tab.
 3. Select **Azure Active Directory** as the directory type.
 6. Enter the **Tenant** hostname that you copied from the steps above (ex. company.onmicrosoft.com).
@@ -97,4 +97,4 @@ Congrats! You are done configuring Azure Active Directory with the Bitwarden Dir
 It can take up to 15 minutes for the granted permissions for your application to properly propagate. You may receive "Insufficient privileges to complete the operation" errors in the meantime.
 {% endnote %}
 
-Test your configurations by running a simulated directory sync. You should see your Azure Active Directory groups and/or users printed to the screen.
+Test your configuration by running a sync test. You should see your Azure Active Directory groups and/or users printed to the screen.

_articles/directory-connector/directory-sync.md

@@ -21,13 +21,13 @@ The following directories are supported:
 Directory sync is only available to enterprise organizations.
 {% endnote %}
 
-## Bitwarden Directory Connector Tool
+## Bitwarden Directory Connector Application
 
 The Bitwarden Directory Connector is cross-platform desktop application that allows you to keep your Bitwarden organization and user directory in sync. Directory Connector can be run on-demand manually as well as automatically in the background on an configured interval. The Directory Connector application can be installed on Windows, macOS, and most Linux distributions.
 
 You can install and run Directory Connector as an agent on the server that hosts your directory, an administrator's workstation, or any other desktop device than can access the directory.
 
-{% image directory-connector/console.png %}
+{% image directory-connector/app.png %}
 
 ### Table of Contents
 
@@ -77,6 +77,7 @@ By default the Directory Connector communicates with the Bitwarden public cloud
    - [Active Directory & Other LDAP-based Directories Setup]({% link _articles/directory-connector/ldap-directory.md %})
    - [Azure Active Directory Setup]({% link _articles/directory-connector/azure-active-directory.md %})
    - [G Suite (Google) Setup]({% link _articles/directory-connector/gsuite-directory.md %})
+   - [Okta Setup]({% link _articles/directory-connector/okta-directory.md %})
 
 ### Configure sync options
 

_articles/directory-connector/gsuite-directory.md

@@ -8,7 +8,7 @@ hidden: false
 tags: []
 ---
 
-This article will cover how to connect the Bitwarden Directory Connector tool to your G Suite directory.
+This article will cover how to connect the Bitwarden Directory Connector application to your G Suite directory.
 
 ## Requirements
 
@@ -85,7 +85,7 @@ If you already have a Google Cloud project available, you can skip this step and
 
 ## Configure Directory Connector
 
-1. Launch the Directory Connector desktop application
+1. Launch the Directory Connector desktop application.
 2. Go to the **Settings** tab.
 3. Select **G Suite Directory** as the directory type.
 4. Enter the **Domain** of your G Suite account.
@@ -97,4 +97,4 @@ Congrats! You are done configuring G Suite with the Bitwarden Directory Connecto
 
 ## Testing
 
-Test your configurations by running a simulated directory sync. You should see your G Suite groups and/or users printed to the screen.
+Test your configuration by running a sync test. You should see your G Suite groups and/or users printed to the screen.

_articles/directory-connector/ldap-directory.md

@@ -29,22 +29,23 @@ We provide built-in connectors for the most popular LDAP directory servers, such
 
 ## Connecting to the LDAP Server
 
-1. Launch the Directory Connector console by double clicking the shortcut. 
-2. Select option 3 (Configure directory connection) from the main menu.
-3. Select the type of directory server you are configuring. In this case, either **Active Directory** or **Other LDAP Directory**.
+1. Run the Directory Connector application.
+2. Go to the **Settings** tab.
+3. Select **Active Directory / LDAP** as the **Type** of directory server you are configuring.
 
-The following options can be set:
+The following directory configuration options can be set:
 
 {% table %}
 
 | Property | Description | Examples |
 |----------|-------------|----------|
-| Address | The host name of your directory server. | `ad.company.com` or `ldap.company.local` |
+| Server Hostname | The hostname of your directory server. | `ad.company.com` or `ldap.company.local` |
 | Port | The port on which your directory server is listening. | 389 or 10389 |
-| Path | The root path at which the Directory Connector should start all queries. | `cn=users,dc=ad,dc=company,dc=com` |
-| Current user | Authenticate to the directory server as the currently logged in user. For Active Directory, the user should be a member of the built-in administrators group. |  |
-| Username | The distinguished name of an administrative user that the application will use when connecting to the directory server. For Active Directory, the user should be a member of the built-in administrators group. | `cn=admin,cn=users,dc=ad,dc=company,dc=com` or `admin@company.com` |
-| Password | The password of the user specified above. Note that the password is safely encrypted before being stored for the application, however, to better guarantee its security, you should ensure that other processes do not have OS-level read permissions for this application's settings files. |  |
+| Root Path | The root path at which the Directory Connector should start all queries. | `cn=users,dc=ad,dc=company,dc=com` |
+| LDAPS | If the server is using LDAP over SSL (LDAPS). |  |
+| Active Directory | If the server is an Active Directory server. |  |
+| Username | The distinguished name of an administrative user that the application will use when connecting to the directory server. For Active Directory, the user should be a member of the built-in administrators group. | `cn=admin,cn=users,dc=ad,dc=company,dc=com` or `company\admin` (Active Directory) |
+| Password | The password of the user specified above. The password is safely stored in the operating system's native credential manager. |  |
 
 {% endtable %}
 
@@ -52,30 +53,33 @@ The following options can be set:
 
 1. Launch the Directory Connector desktop application
 2. Go to the **Settings** tab.
-3. Select **Active Directory / LDAP** as the directory type.
-3. Specify the appropriate settings for your Active Directory or LDAP server.
+3. Configure the appropriate **Sync** settings for your Active Directory or LDAP server.
+
+{% note %}
+If you are using Active Directory, many of these settings are predetermined for you and are therefore are not shown.
+{% endnote %}
 
 {% table %}
 
 | Property | Description | Examples |
 |----------|-------------|----------|
-| Sync Groups | Sync groups to your organization. |  |
-| Sync Users | Sync users to your organization. |  |
-| Sync Interval | When using the background service, the interval, in minutes, that you wish to automatically sync. | 5 |
-| User Filter | A filter for limiting the users that are synced. Read more at [Configuring user and group sync filters]({% link _articles/directory-connector/user-group-filters.md %}). | (&(objectClass=user)) |
-| Group Filter | A filter for limiting the groups that are synced. Read more at [Configuring user and group sync filters]({% link _articles/directory-connector/user-group-filters.md %}). | (&(objectClass=group)) |
-| Remove Disabled | When a user is disabled in the directory, should they also be removed from your Bitwarden organization? |  |
-| Group Object Class | The name of the class used for the LDAP group object. | group |
-| User Object Class | The name of the class used for the LDAP user object. | user |
-| Group Path | This value is used in addition to the root path when searching and loading groups. If no value is supplied, the subtree search will start from the root path. | ou=Groups |
-| User Path | This value is used in addition to the root path when searching and loading users. If no value is supplied, the subtree search will start from the root path. | ou=Users |
-| Group Name Attribute | The attribute field to use when loading the group name. | name |
-| User Email Attribute | The attribute field to use when loading the user email address. | mail |
-| Member Attribute | The attribute field to use when loading the group's members. | member |
-| Use Email Prefix/Suffix | Email addresses are required by Bitwarden. If your directory users do not have email addresses they will be skipped. Alternatively, you can specify that users without an email address use a prefix attribute concatenated with a suffix to attempt to form a valid email address. |  |
-| Email Prefix Attribute | The attribute field to use when forming a user's email address from the prefix/suffix setting. | sAMAccountName |
-| Email Suffix | The specified suffix to use when forming a user's email address from the prefix/suffix setting. | @company.com |
+| Interval | The interval, in minutes, that you wish to perform automatic sync checks. | 5 |
+| Remove Disabled Users | When a user is disabled in the directory, should they also be removed from your Bitwarden organization? |  |
+| Member Attribute | The attribute field to use when loading the group's members. | uniqueMember |
 | Creation Date Attribute | The attribute field that specifies when an entry was created. | whenCreated |
 | Revision Date Attribute | The attribute field that specifies when an entry was changed. | whenChanged |
+| Use Email Prefix/Suffix | Email addresses are required by Bitwarden. If your directory users do not have email addresses they will be skipped. Alternatively, you can specify that users without an email address use a prefix attribute concatenated with a suffix to attempt to form a valid email address. |  |
+| Email Prefix Attribute | The attribute field to use when forming a user's email address from the prefix/suffix setting. | accountName |
+| Email Suffix | The specified suffix to use when forming a user's email address from the prefix/suffix setting. | @company.com |
+| Sync Users | Sync users to your organization. |  |
+| User Filter | A filter for limiting the users that are synced. Read more at [Configuring user and group sync filters]({% link _articles/directory-connector/user-group-filters.md %}). | (&(givenName=John)) |
+| User Object Class | The name of the class used for the LDAP user object. | user |
+| User Path | This value is used in addition to the root path when searching and loading users. If no value is supplied, the subtree search will start from the root path. | ou=Users |
+| User Email Attribute | The attribute field to use when loading the user email address. | mail |
+| Sync Groups | Sync groups to your organization. |  |
+| Group Filter | A filter for limiting the groups that are synced. Read more at [Configuring user and group sync filters]({% link _articles/directory-connector/user-group-filters.md %}). | (&!(name=Sales*)) |
+| Group Object Class | The name of the class used for the LDAP group object. | groupOfUniqueNames |
+| Group Path | This value is used in addition to the root path when searching and loading groups. If no value is supplied, the subtree search will start from the root path. | ou=Groups |
+| Group Name Attribute | The attribute field to use when loading the group name. | name |
 
 {% endtable %}

_articles/directory-connector/okta-directory.md

@@ -0,0 +1,47 @@
+---
+layout: article
+title: Configuring directory sync with Okta
+categories: [organizations]
+featured: true
+popular: false
+hidden: false
+tags: []
+---
+
+This article will cover how to connect the Bitwarden Directory Connector application to your Okta Directory.
+
+## Requirements
+
+- Read through the following article: [Syncing users and groups with a directory]({% link _articles/directory-connector/directory-sync.md %})
+- Install Bitwarden Directory Connector
+- Using Directory Connector, log into your Bitwarden account and select your enterprise organization
+
+## Table of Contents
+
+- [Create an API token](#create-an-api-token)
+- [Configure Directory Connector](#configure-directory-connector)
+- [Testing](#testing)
+
+## Create an API token
+
+1. Log into your Okta Developer Console
+2. Select **API** → **Tokens** from the navigation menu
+   {% image directory-connector/okta/api-tokens.png %}
+3. Click the **Create Token** button and name the token something like "Bitwarden Connector", then click the **Create Token** button.
+   {% image directory-connector/okta/create-token.png %}
+4. Note and copy your API token for use with the Directory Connector. Your token will not be shown again so you may want to save it somewhere so that you can easily access it when configuring your directory connection later.
+   {% image directory-connector/okta/copy-token.png %}
+
+## Configure Directory Connector
+
+1. Launch the Directory Connector desktop application
+2. Go to the **Settings** tab.
+3. Select **Okta** as the directory type.
+4. Enter your Okta organization's URL (ex. https://mycompany.okta.com/).
+5. Enter the API **Token** that you copied from the steps above.
+
+Congrats! You are done configuring Okta with the Bitwarden Directory Connector.
+
+## Testing
+
+Test your configuration by running a sync test. You should see your Okta groups and/or users printed to the screen.

_articles/directory-connector/user-group-filters.md

@@ -8,7 +8,7 @@ hidden: false
 tags: []
 ---
 
-You can configure the Bitwarden Directory Connector to use filters to limit the users and/or groups that are processed for syncing to your bitwarden organization.
+You can configure the Bitwarden Directory Connector application to use filters to limit the users and/or groups that are processed for syncing to your Bitwarden organization.
 
 The syntax for filtering is different for each directory server type and is covered in detail below.
 
@@ -17,12 +17,13 @@ The syntax for filtering is different for each directory server type and is cove
 - [Active Directory and Other LDAP Directories](#active-directory-and-other-ldap-directories)
 - [Azure Active Directory](#azure-active-directory)
 - [G Suite](#g-suite)
+- [Okta](#okta)
 
 ## Active Directory and Other LDAP Directories
 
 The group and user filters can be in the form of any LDAP compatible search filter. Additionally, Active Directory provides a few more advanced options as well as a few limitations when writing search filters as opposed to other more standard LDAP directories. You can read more about writing LDAP search filters here: <https://msdn.microsoft.com/en-us/library/windows/desktop/aa746475(v=vs.85).aspx>
 
-#### Examples
+### Examples
 
 Search for all entries that have objectClass=user AND cn that contains the word 'Marketing'.
 
@@ -47,7 +48,7 @@ To exclude entities which match an expression, use '!'. Find all Chicago entries
 ```
 
 {% note %}
-These examples are written for Active Directory. In order to use them for something such as OpenLDAP the attributes will need to be changed.
+The following examples are written for Active Directory. In order to use them for something such as OpenLDAP the attributes will need to be changed.
 {% endnote %}
 
 Users in the 'Heroes' group
@@ -66,9 +67,13 @@ Users that are a member of the 'Heroes' group, either directly or via nesting
 
 The Microsoft Graph API does not provide a way to filter groups and users directly, however, you can use our custom filtering syntax that allows you to exclude or include a comma separated list of group names and user emails.
 
-#### Examples
+### Examples
 
-Groups
+#### Groups
+
+{% note %}
+If you are filtering groups your user filter will only apply to users from the groups returned.
+{% endnote %}
 
 ```
 include:Group A,Sales People,My Other Group
@@ -78,7 +83,7 @@ include:Group A,Sales People,My Other Group
 exclude:Group C,Developers,Some Other Group
 ```
 
-Users
+#### Users
 
 ```
 include:joe@company.com,bill@company.com,tom@company.com
@@ -94,6 +99,10 @@ exclude:joe@company.com
 
 The G Suite APIs do not provide a way to filter groups directly, however, you can use our custom filtering syntax that allows you to exclude or include a comma separated list of group names.
 
+{% note %}
+If you are filtering groups your user filter will only apply to users from the groups returned.
+{% endnote %}
+
 #### Examples
 
 ```
@@ -131,3 +140,53 @@ Only the G Suite `query` search (notice the `|` prefix that is required):
 ```
 |orgName=Engineering orgTitle:Manager
 ```
+
+## Okta
+
+We provide a custom filtering syntax that allows you to exclude or include a comma separated list of group names or user emails.
+
+Additionally, the Okta APIs provide limited filtering capabilities for users and groups. Read more about filtering with the `filter` parameter here: <https://developer.okta.com/docs/api/resources/groups#filters> and <https://developer.okta.com/docs/api/resources/users#list-users-with-a-filter>
+
+You can combine both of these filtering options by concatenating the two strings with a pipe (`|`);
+
+### Examples
+
+#### Groups
+
+Only the include/exclude filter:
+
+```
+include:Group A,Group B
+```
+
+An include/exclude filter + an Okta `filter`:
+
+```
+exclude:Group A|type eq "APP_GROUP"
+```
+
+Only the Okta `filter` search (notice the `|` prefix that is required):
+
+```
+|type eq "BUILT_IN"
+```
+
+#### Users
+
+Only the include/exclude filter:
+
+```
+include:joe@company.com,bill@company.com,tom@company.com
+```
+
+An include/exclude filter + an Okta `filter`:
+
+```
+exclude:john@company.com,bill@company.com|profile.firstName eq "John"
+```
+
+Only the Okta `filter` search (notice the `|` prefix that is required):
+
+```
+|profile.lastName eq "Smith"
+```