Teleport Integration

This guide will show you how to setup an integration Teleport and Indent. Once complete, you'll be able to use Teleport to grant secure on-demand server access.

Components

note

This page assumes you completed the Indent Quickstart. (11 min setup)

• Teleport Enterprise Account and at least one Teleport Node
• Teleport Client
• Okta Account
• AWS S3
• AWS Lambda
• GitHub Actions

This guide will show you how to setup an integration between Teleport and Indent. Once complete, you'll be able to grant access and create policies based on your existing Okta Groups.

Configuration

This guide uses GitHub Actions and Terraform to deploy an Indent + Okta. A Teleport + Okta integration will then seamlessly integrate both services. S3 will be used to store Terraform state, and AWS Lambda will run the webhook.

1. Install Okta + Indent integration

• Open the Indent + Okta docs
• Follow the Configuration instructions
• Test your integration with the Using Indent + Okta Groups instructions

2. Install Teleport + Okta integration

• Open the Teleport + Okta integration docs for enterprise
• Follow the instructions, and then return here for Step 3

3. Test if Teleport + Okta works

• In Okta's tools add yourself to the Okta Group you setup in Step 2. follow the Teleport + Okta guide
  • Test that you're able to connect to a Teleport Node that is associated with your Teleport role
  • Remove yourself from the Okta Group, and confirm you're unable to connect to the same resource

Using Indent + Teleport

Congrats! Your Teleport integration is ready.

Now it's time to use Teleport + Indent to get secure time-bound and on-demand access.

1. Try visiting the request page on the Indent dashboard, or create a request in Slack
   • If you have the Slack integration setup, you can type /access or click the lightning bolt to submit a request
2. On your Petitions page you should be able to see your request as part of a petition. Try clicking the petition to view more details.
   • From the petition details page, click the Review Petition button and follow the prompts

Once approved, you'll be a member of the Okta Group. You now have secure time-bound access thanks to Indent, and a secure connection to your infrastructure thanks to Teleport.

Summary

You added an Teleport + Indent integration. You're now able to request ephemeral and secure on-demand server access using Teleport + Indent. Try SSH'ing into a server, or following one of the many use cases supported by Teleport.

Questions

Where do I view the code I'm deploying?

There are direct code examples in the Indent APIs GitHub. Take a look at the code that runs in these webhooks:

Where can I find a list of all of the secrets?

Name	Description
INDENT_WEBHOOK_SECRET	Get this from the Indent Webhook you created while setting up your space
OKTA_DOMAIN	Your Okta Domain. This is your Okta URL like example.okta.com
OKTA_CLIENT_ID	Your Service App's Client ID. Get this from the Okta Admin Dashboard or from the Okta API Response value you got when settting up your app
OKTA_PRIVATE_KEY	The private RSA key you used to create your Service App
OKTA_SLACK_APP_ID	Your Okta Slack App ID. Go to Okta Admin Console → Applications → Select "Slack" and copy the value from the URL, e.g. 0oabcdefghijklmnop from example-admin.okta.com/admin/apps/slack/0oabcdefghijklmnop/
AWS_REGION	The AWS Region where you want to deploy the webhooks
AWS_ACCESS_KEY_ID	Your Programmatic AWS Access Key ID
AWS_SECRET_ACCESS_KEY	Your Programmatic AWS Secret Access Key
AWS_SESSION_TOKEN	Optional: Your AWS Session Token. Note: If you use an AWS Session ID you will need to update it for each deployment once the session expires

How do I redeploy the webhook?

The repo you created from a template auto-deploys to AWS when you push or merge PRs to the main branch. You can manually redeploy the webhooks by re-running the latest GitHub Action job.

How do I ask for help?

If you have questions or need help with your integration, try chatting with Indent Support.