Boundary Integration
This guide will show you how to setup an integration with Boundary and Indent. Once complete, you can grant temporary and secure access to resources by using Boundary.
Through API magic, Indent securely grants access to just about any service. Boundary is a good integration if you want improve your org's security around accessing sensitive data, and critical infrastructure.
What can I do with Boundary + Indent?
- Protect your infrastructure and enforce change management controls
- Give secure, on-demand production access in seconds
- Make on-boarding & off-boarding developers easier
Boundary is one of a few integrations for managing deployments and environments. Other ways to manage deployments and environments include integrations like Tailscale, Twingate, and AWS IAM.
If you'd like us to add another solution, please send us a request.
Components
This page assumes you completed the Indent Quickstart. (5 min setup)
- HCP Boundary or self-managed Boundary
- Okta Groups Integration
Configuration
This guide uses an identity provider (like Google or Okta) to connect with Boundary. Indent grants temporary (or permanent) access to those groups and resources. Indent also automatically collects evidence your org needs for audits and compliance.
The integration between Boundary and Indent will grant access to accounts from your chosen IdP solution.
1. Set up your Identity Provider
- Follow the instructions in the Indent + Okta docs
- Test your integration with the Using Indent + Okta Groups instructions
2. Follow the Boundary SSO Guide
- Follow Hashicorp's guide to setup Okta as your identity provider for Boundary
- Follow the Boundary OIDC guide for Okta
- Use the guide to create a managed group, managed group filter, and role
- Note: A good practice is to start with a broadly inclusive filter, test that the integration works, and then narrow your filters afterwards
- Use the guide to create a managed group, managed group filter, and role
3. Create a test request on Indent
- Try requesting access from your Indent dashboard
- Note: If you have the Slack integration setup, you can type
/access
or click the lightning bolt to submit a request - Make the access request for an Okta group that satisfies the managed group filter you setup in Step 2
- Note: If you have the Slack integration setup, you can type
Interactive Demo
In the following example, you're logged in as Fouad and can request access to an Okta Group. In real usage, you would need the Okta Group to be linked with a managed group in Boundary. Since the Identity Provider (in this example, Okta) is linked with Boundary, this request will grant Fouad access to any of the resources associated with the group in Boundary.
Try submitting and approving an example request:
You should be able to make a similar live request using your Indent Dashboard.
Summary
Congrats! You added the Boundary + Indent integration. Your employees can now securely request access to Boundary resources. Indent will automatically record an audit log, and (if you desire) auto-expire access after a time period of your choosing.
Check out the Integrations page page for other services your teams want to request. If there's a new integration you'd like to see, request a new one. You might be ready to start inviting others to try Indent. If that's the case, you'll want to send them docs on how to make a request. You and anyone approving requests should read more about approving and declining requests.
Questions
Why can't I see my groups in Indent?
You might need to sync Okta Groups or Google Workspaces with Indent. Try visiting the Resources section in your Indent dashboard, and clicking Pull Updates.
I get Indent approved, but I can't access Boundary. Why?
You might need to setup Boundary to associate a group from your Identity Provider with a managed group.
I can log into Boundary, but I don't see any resources. Why?
You probably need to setup Boundary to have a more inclusive managed groups filter. You may also need to ensure the Boundary role associated with the managed group has access to your resources.
Can Indent host the integration for me?
Sure! We can host the integration on an AWS tenant. That's a popular way to do an initial setup while your teams test out Indent. To start that process, contact Indent Support
How do I ask for help?
If you have questions or need help with your integration, try chatting with Indent Support.