
OKTA SCIM only integration

Open smallinsky opened this issue 9 months ago • 0 comments

What

  • Added app_group_sync_disabled okta plugin setting that will allow disabling Okta Application and Groups sync.
  • Added types.KindSAML, services.ReadNoSecrets() to types.RoleOkta (SCIM Handler and User sync need to fetch the attributes-to-roles mapping to set proper user roles during SCIM user create/update and during SCIM sync when a user is created/updated)
  • Added ability to install okta plugin with different behaviors
    • SCIM only integration without APIToken:
    $ tctl plugins install okta \
       --org https://trial-....okta.com \
       --saml-connector okta-integration \
       --no-users-sync \
       --no-accesslist-sync \
       --no-appgroup-sync \
       --scim
    
    Successfully created OKTA plugin "okta"
    
    SCIM Base URL: https://example.net:443/v1/webapi/scim/okta
    SCIM Identifier field for users: userName
    SCIM Baerar Token: daf2d46f5d0340cd9194634e3b9062ad
    
    See https://goteleport.com/docs/application-access/okta/hosted-guide for help configuring provisioning in Okta
    
    • SCIM only integration with APIToken:
    $ tctl plugins install okta \
       --org https://trial-....okta.com \
       --saml-connector okta-integration \
       --no-users-sync \
       --no-accesslist-sync \
       --no-appgroup-sync \
       --scim \
       --api-token=secreetOKTAAPIToken
    

smallinsky, May 21 '24 15:05