Okta Group Gate

This auth plugin is configured with an SSWS Okta API key that has been assigned the Group Membership Administrator role.

Additionally, the Okta Group ID (e.g. 00gp83riuxRpnO0iV5d7) of the elevated Okta Group is needed.

Claiming access through this plugin uses the Vault/OpenBao Entity Metadata of the requestor (see the Vault / OpenBao documentation) to identify their Okta User ID (e.g. 00up44uglx1peLV6n5d7) and temporarily adds that Okta User to the elevated Okta Group.

What accesses are supported by this plugin

This plugin supports all the 150+ Okta Integrations listed on its website, including Zendesk, Salesforce and 1Password, among others.

As Okta acts as an IdP, access to these applications works seamlessly through its application’s UI.

Just-in-Time access

The user claiming access is added to the Okta Group that allows access to the elevated application for the duration of the lease, which is configured using the standard Vault/OpenBao /tune endpoint.

The plugin keeps track of all added Okta Users and removes them from the Okta Group automatically when the lease TTL expires.
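
The add-then-remove cycle described above, sketched in Go as an added example (not the plugin's own code). The Gate type, its fields and Claim are hypothetical names; the requests are Okta's group membership endpoints with SSWS authorization, and main runs against a constructed local stand-in for the Okta org.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)
type Gate struct { // hypothetical type holding the configuration the page describes
	BaseURL, APIKey, GroupID string
	Client                   *http.Client
}

// membership sends PUT (add) or DELETE (remove); IDs are path-escaped because the user ID comes from entity metadata.
func (g *Gate) membership(method, userID string) error {
	u := fmt.Sprintf("%s/api/v1/groups/%s/users/%s", g.BaseURL, url.PathEscape(g.GroupID), url.PathEscape(userID))
	req, err := http.NewRequest(method, u, nil)
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", "SSWS "+g.APIKey)
	resp, err := g.Client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusNoContent { // Okta answers 204 on both add and remove
		return fmt.Errorf("okta %s membership: %s", method, resp.Status)
	}
	return nil
}

// Claim adds the user now and removes them when ttl elapses; the channel yields the add error or the removal result.
func (g *Gate) Claim(userID string, ttl time.Duration) <-chan error {
	done := make(chan error, 1)
	if err := g.membership(http.MethodPut, userID); err != nil {
		done <- err
		return done
	}
	time.AfterFunc(ttl, func() { done <- g.membership(http.MethodDelete, userID) })
	return done
}

func main() { // runs against a constructed local stand-in for the Okta org
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusNoContent) }))
	defer srv.Close()
	g := &Gate{srv.URL, "constructed-key", "00gp83riuxRpnO0iV5d7", srv.Client()}
	fmt.Println("lease over, removal error:", <-g.Claim("00up44uglx1peLV6n5d7", 100*time.Millisecond))
}
```

A failed removal leaves the user in the elevated group, so the value received from the channel should be logged and retried rather than dropped.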