# Okta Groups + Indent

This guide shows you how to set up an integration between Indent and Okta. Once complete, you'll be able to apply policy based on your current Okta Groups.
## Components

Note: This page assumes you completed the Indent Quickstart (5 min setup).
## Configuration

This guide uses GitHub Actions and Terraform to deploy an Indent + Okta integration. S3 will be used to store Terraform state, and AWS Lambda will run the webhook.
### 1. Cloning the repo

- Click on the Use This Template button to clone the repo
- In the new repo, go to Settings and then Secrets > Actions
- Leave this tab open for the secrets you grab in the next steps
### 2. Configuring the S3 bucket

- Go to AWS S3 and check that you are pointed at the correct region, like `us-west-2`
- Select an existing bucket or create a new one.
- Select the settings given your environment:
  - Name: easily identifiable name for the bucket, such as `indent-deploy-state-123`
  - Region: where you plan to deploy the Lambda, like `us-west-2`
  - Bucket versioning: enable if you want to have revisions of past deployments, otherwise pick `disabled`
  - Default encryption: `enable` for server-side encryption for deployment files
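
The same bucket settings can be applied from the command line. The script below is an added example, not part of the Indent template repo: it assumes the AWS CLI is installed, uses `AWS_CLI` as a hypothetical override variable, and also blocks public access (a setting not listed above) because Terraform state can contain secret values in plaintext.

```shell
#!/bin/sh
# Added example: CLI equivalent of the step 2 bucket settings.
# AWS_CLI is a hypothetical override hook; it defaults to the real `aws` binary.

# configure_state_bucket BUCKET REGION [VERSIONING=on|off]
configure_state_bucket() (
  set -e
  bucket=$1 region=$2 versioning=${3:-on}
  cli=${AWS_CLI:-aws}

  # us-east-1 rejects an explicit LocationConstraint; other regions require it.
  if [ "$region" = "us-east-1" ]; then
    "$cli" s3api create-bucket --bucket "$bucket" --region "$region"
  else
    "$cli" s3api create-bucket --bucket "$bucket" --region "$region" \
      --create-bucket-configuration "LocationConstraint=$region"
  fi

  # Addition to the page's settings: state files must never be public.
  "$cli" s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

  # "Default encryption: enable" -> SSE-S3 (AES256) for every new object.
  "$cli" s3api put-bucket-encryption --bucket "$bucket" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'

  # "Bucket versioning": optional; keeps earlier state revisions for rollback.
  if [ "$versioning" = "on" ]; then
    "$cli" s3api put-bucket-versioning --bucket "$bucket" \
      --versioning-configuration Status=Enabled
  fi
)

# Runs only when called with arguments, e.g.:
#   sh state-bucket.sh indent-deploy-state-123 us-west-2
if [ "$#" -ge 2 ]; then
  configure_state_bucket "$@"
fi
```
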
### 3. Configuring AWS credentials

- Go to AWS IAM → New User and create a new user for deploys, such as `indent-terraform-deployer`
- Configure the service account's access:
  - Credential type: select Access key - Programmatic access
  - Permissions: go to Attach existing policies directly and select `AdministratorAccess`
- Add the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` as GitHub Secrets
### 4. Connecting to Okta

- Sign in to your Okta organization as an admin
- Click the Admin button located in the upper right
- Open the drop-down menu in the upper right, and copy the URL to your GitHub Secrets as `OKTA_DOMAIN`
- Expand Security in the left-hand nav, choose API, and then the Token tab
- Click the Create Token button, and copy the token to your GitHub Secrets as `OKTA_TOKEN`

Note: By default, Okta grants tokens the same permissions as the account creating them.
### 5. Connecting to Indent

- If you're following an installation workflow, you should be presented with a page containing a Webhook Secret
- Alternatively, go to your Indent space and create a webhook
- Add this to your GitHub Secrets as `INDENT_WEBHOOK_SECRET`
### 6. Deploy

- Enter the bucket you created in `main.tf` in the `backend` configuration
- This will automatically kick off a deploy, or you can manually trigger one from GitHub Actions
## Using Indent + Okta Groups

Congrats! Your integration is ready. You can test that everything is set up correctly by navigating to your Integrations page and clicking Pull from Integrations. On a successful pull for Okta Groups, you will see new Resources appear in your list.
## Summary

You added an Indent + Okta Groups integration. You're now able to add policies and customize rules based on your existing Okta Groups. Users can now request access, and you can see how your policies and the user's Okta Group combine into a clean new workflow.

The repo you created from a template auto-deploys to AWS when you push or merge PRs to the `main` branch. You can manually redeploy the webhooks by re-running the latest GitHub Action job.

Now that your Okta Groups are set up, try adding your first policy.
## Questions

### Where do I view the code I'm deploying?

There are direct code examples in the Indent APIs GitHub. Take a look at the code that runs in these webhooks:
### Where can I find a list of all of the secrets?

You will find a full list of secrets used by this integration below.

| Name | Description |
|---|---|
| `INDENT_WEBHOOK_SECRET` | Get this from the Indent Webhook you created while setting up your space |
| `OKTA_DOMAIN` | Your Okta Domain. This is your Okta URL like `example.okta.com` |
| `OKTA_CLIENT_ID` | Your Service App's Client ID. Get this from the Okta Admin Dashboard or from the Okta API Response value you got when setting up your app |
| `OKTA_PRIVATE_KEY` | The private RSA key you used to create your Service App |
| `OKTA_SLACK_APP_ID` | Your Okta Slack App ID. Go to Okta Admin Console → Applications → Select "Slack" and copy the value from the URL, e.g. `0oabcdefghijklmnop` from `example-admin.okta.com/admin/apps/slack/0oabcdefghijklmnop/` |
| `AWS_REGION` | The AWS Region where you want to deploy the webhooks |
| `AWS_ACCESS_KEY_ID` | Your Programmatic AWS Access Key ID |
| `AWS_SECRET_ACCESS_KEY` | Your Programmatic AWS Secret Access Key |
| `AWS_SESSION_TOKEN` | Optional: Your AWS Session Token. Note: If you use an AWS Session ID, you will need to update it for each deployment once the session expires |
### How do I ask for help?

If you have questions or need help with your integration, try chatting with Indent Support.