Skip to main content

Twingate Integration

This guide will show you how to setup an integration between Indent and Twingate. Once complete, you'll be able to use Twingate to grant secure on-demand server access.

Components

note

This page assumes you completed the Indent Quickstart. (11 min setup)

This guide will show you how to setup an integration between Indent and Twingate. Once complete, you'll be able to grant access and create policies based on your existing Okta Groups.

Configuration

This guide uses GitHub Actions and Terraform to deploy an Indent + Okta. A Twingate + Okta integration will then seamlessly integrate both services. S3 will be used to store Terraform state, and AWS Lambda will run the webhook.

1. Follow the Indent + Okta Guide

  • Open the Indent + Okta docs
  • Follow the Configuration instructions
  • Test your integration with the Using Indent + Okta Groups instructions

2. Follow the Twingate + Okta Guide

3. Assign Resources to Twingate Groups

  • In your Twingate Admin console click on an Okta Group where you would like to test ephemeral access
    • If your Group is missing Resources, you likely need to setup a Twingate Connector and assign the Resource
    • If your Twingate Admin console is missing Groups, you may need to re-visit the Twingate + Okta guide or upgrade your Twingate license

Using Indent + Twingate

Congrats! Your Twingate integration is ready.

Now it's time to use Indent + Twingate to get secure on-demand and ephemeral access to Resources.

  1. Try visiting the request page on the Indent dashboard, or create a request in Slack
    • If you have the Slack integration setup, you can type /access or click the lightning bolt to submit a request
    • Your request should be for an Okta User to be granted access to the Okta Group you checked in the Assign Resources to Twingate Groups step
  2. On your Petitions page you should be able to see your request as part of a petition. Try clicking the petition to view more details.
    • From the petition details page, click the Review Petition button and follow the prompts

Once approved, you'll be a member of the Okta Group. You can now authenticate using your Twingate Client, and easily access Resources.

Summary

You added an Indent + Twingate integration. You're now able to request ephemeral and secure on-demand server access using Indent + Twingate. Try SSH'ing into a server, or following one of the many use cases supported by Twingate.

Questions

Where do I view the code I'm deploying?

There are direct code examples in the Indent APIs GitHub. Take a look at the code that runs in these webhooks:

Why don't I see my Twingate Resources after making a Request?

The Okta Group you're requesting access to needs to also be associated with a Resource in Twingate's Admin console.

  • If your Group is missing Resources, you likely need to setup a Twingate Connector and assign the Resource
  • If your Twingate Admin console is missing Groups, you may need to re-visit the Twingate + Okta guide or upgrade your Twingate license
Where can I find a list of all of the secrets?
NameDescription
INDENT_WEBHOOK_SECRETGet this from the Indent Webhook you created while setting up your space
OKTA_DOMAINYour Okta Domain. This is your Okta URL like example.okta.com
OKTA_CLIENT_IDYour Service App's Client ID. Get this from the Okta Admin Dashboard or from the Okta API Response value you got when settting up your app
OKTA_PRIVATE_KEYThe private RSA key you used to create your Service App
OKTA_SLACK_APP_IDYour Okta Slack App ID. Go to Okta Admin Console Applications Select "Slack" and copy the value from the URL, e.g. 0oabcdefghijklmnop from example-admin.okta.com/admin/apps/slack/0oabcdefghijklmnop/
AWS_REGIONThe AWS Region where you want to deploy the webhooks
AWS_ACCESS_KEY_IDYour Programmatic AWS Access Key ID
AWS_SECRET_ACCESS_KEYYour Programmatic AWS Secret Access Key
AWS_SESSION_TOKENOptional: Your AWS Session Token.
Note: If you use an AWS Session ID you will need to update it for each deployment once the session expires
How do I redeploy the webhook?

The repo you created from a template auto-deploys to AWS when you push or merge PRs to the main branch. You can manually redeploy the webhooks by re-running the latest GitHub Action job.

How do I ask for help?

If you have questions or need help with your integration, try chatting with Indent Support.