From 24ae59b3171524511becf9d408cc04a9a3345a3b Mon Sep 17 00:00:00 2001 From: Becca Petrin Date: Fri, 21 Feb 2020 11:13:42 -0800 Subject: [PATCH] correct the okta docs (#8403) --- website/pages/api-docs/auth/okta/index.mdx | 18 ++++++++---- website/pages/docs/auth/okta.mdx | 32 +++++++++++----------- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/website/pages/api-docs/auth/okta/index.mdx b/website/pages/api-docs/auth/okta/index.mdx index 4b5678482..68570b004 100644 --- a/website/pages/api-docs/auth/okta/index.mdx +++ b/website/pages/api-docs/auth/okta/index.mdx @@ -33,7 +33,8 @@ distinction between the `create` and `update` capabilities inside ACL policies. groups will be enabled. **Support for okta auth without api_token is deprecated in Vault 1.4** - `base_url` `(string: "")` - If set, will be used as the base domain - for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com. + for API requests. If unset, "okta.com" will be used. Other valid examples + are oktapreview.com, and okta-emea.com. - `bypass_okta_mfa` `(bool: false)` - Whether to bypass an Okta MFA request. Useful if using one of Vault's built-in MFA mechanisms, but this will also cause certain other statuses to be ignored, such as `PASSWORD_EXPIRED`. @@ -84,11 +85,18 @@ $ curl \ "lease_duration": 0, "renewable": false, "data": { - "org_name": "example", - "api_token": "abc123", "base_url": "okta.com", - "ttl": "", - "max_ttl": "" + "bypass_okta_mfa": false, + "org_name": "example", + "token_bound_cidrs": [], + "token_explicit_max_ttl": 0, + "token_max_ttl": 0, + "token_no_default_policy": false, + "token_num_uses": 0, + "token_period": 0, + "token_policies": [], + "token_ttl": 0, + "token_type": "default" }, "warnings": null } diff --git a/website/pages/docs/auth/okta.mdx b/website/pages/docs/auth/okta.mdx index 1a4bb68d1..23b5c616a 100644 --- a/website/pages/docs/auth/okta.mdx +++ b/website/pages/docs/auth/okta.mdx @@ -62,18 +62,18 @@ management tool. 1. Enable the Okta auth method: - ```text - $ vault auth enable okta - ``` +``` +$ vault auth enable okta +``` 1. Configure Vault to communicate with your Okta account: - ```text - $ vault write auth/okta/config \ - base_url="okta.com" \ - organization="dev-123456" \ - token="00KzlTNCqDf0enpQKYSAYUt88KHqXax6dT11xEZz_g" - ``` +``` +$ vault write auth/okta/config \ + base_url="okta.com" \ + org_name="dev-123456" \ + api_token="00KzlTNCqDf0enpQKYSAYUt88KHqXax6dT11xEZz_g" +``` **If no token is supplied, Vault will function, but only locally configured group membership will be available. Without a token, groups will not be @@ -86,9 +86,9 @@ management tool. 1. Map an Okta group to a Vault policy: - ```text - $ vault write auth/okta/groups/scientists policies=nuclear-reactor - ``` +``` +$ vault write auth/okta/groups/scientists policies=nuclear-reactor +``` In this example, anyone who successfully authenticates via Okta who is a member of the "scientists" group will receive a Vault token with the @@ -98,10 +98,10 @@ management tool. It is also possible to add users directly: - ```text - $ vault write auth/okta/groups/engineers policies=autopilot - $ vault write auth/okta/users/tesla groups=engineers - ``` +``` +$ vault write auth/okta/groups/engineers policies=autopilot +$ vault write auth/okta/users/tesla groups=engineers +``` This adds the Okta user "tesla" to the "engineers" group, which maps to the "autopilot" Vault policy.