correct the okta docs (#8403)

This commit is contained in:
Becca Petrin 2020-02-21 11:13:42 -08:00 committed by GitHub
parent 1bc1b45c07
commit 24ae59b317
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 21 deletions

View file

@ -33,7 +33,8 @@ distinction between the `create` and `update` capabilities inside ACL policies.
groups will be enabled.
**Support for okta auth without api_token is deprecated in Vault 1.4**
- `base_url` `(string: "")` - If set, will be used as the base domain
for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com.
for API requests. If unset, "okta.com" will be used. Other valid examples
are oktapreview.com, and okta-emea.com.
- `bypass_okta_mfa` `(bool: false)` - Whether to bypass an Okta MFA request.
Useful if using one of Vault's built-in MFA mechanisms, but this will also
cause certain other statuses to be ignored, such as `PASSWORD_EXPIRED`.
@ -84,11 +85,18 @@ $ curl \
"lease_duration": 0,
"renewable": false,
"data": {
"org_name": "example",
"api_token": "abc123",
"base_url": "okta.com",
"ttl": "",
"max_ttl": ""
"bypass_okta_mfa": false,
"org_name": "example",
"token_bound_cidrs": [],
"token_explicit_max_ttl": 0,
"token_max_ttl": 0,
"token_no_default_policy": false,
"token_num_uses": 0,
"token_period": 0,
"token_policies": [],
"token_ttl": 0,
"token_type": "default"
},
"warnings": null
}

View file

@ -62,18 +62,18 @@ management tool.
1. Enable the Okta auth method:
```text
$ vault auth enable okta
```
```
$ vault auth enable okta
```
1. Configure Vault to communicate with your Okta account:
```text
$ vault write auth/okta/config \
```
$ vault write auth/okta/config \
base_url="okta.com" \
organization="dev-123456" \
token="00KzlTNCqDf0enpQKYSAYUt88KHqXax6dT11xEZz_g"
```
org_name="dev-123456" \
api_token="00KzlTNCqDf0enpQKYSAYUt88KHqXax6dT11xEZz_g"
```
**If no token is supplied, Vault will function, but only locally configured
group membership will be available. Without a token, groups will not be
@ -86,9 +86,9 @@ management tool.
1. Map an Okta group to a Vault policy:
```text
$ vault write auth/okta/groups/scientists policies=nuclear-reactor
```
```
$ vault write auth/okta/groups/scientists policies=nuclear-reactor
```
In this example, anyone who successfully authenticates via Okta who is a
member of the "scientists" group will receive a Vault token with the
@ -98,10 +98,10 @@ management tool.
It is also possible to add users directly:
```text
$ vault write auth/okta/groups/engineers policies=autopilot
$ vault write auth/okta/users/tesla groups=engineers
```
```
$ vault write auth/okta/groups/engineers policies=autopilot
$ vault write auth/okta/users/tesla groups=engineers
```
This adds the Okta user "tesla" to the "engineers" group, which maps to
the "autopilot" Vault policy.