
The older Okta auth method still works very well, allowing you to associate a Vault policy with an Okta user or group, but it has some limitations. More recently, the kind folks at HashiCorp released a fantastic new auth plugin that works with JWT/OIDC, which means it also works with Okta. This tutorial will show you how to authenticate to Vault using Okta with OIDC and be granted a Vault token based on your Okta group.

You can play around with these things at jwt.io, and a sample token would look something like this:

Back to our particular use case of hooking up Vault and Okta with OIDC: you can think of Vault as the Client application and Okta as the Authorization Server.

For this example we'll use vault_, and we'll create one group called vault_admins in Okta and add at least one user to it.

You can now go back to the Authorization Server you created and see what a generated token will look like from Vault's point of view by going to the Token Preview tab:

As you can see there, on the left side I'm supplying the information to Okta that the Vault server would, and on the right you can see the decoded JWT that Okta would respond with.
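To make the token preview concrete, here is an added example (not code from the original post, Okta, or Vault) that builds a JWT in the same header.payload.signature shape you see at jwt.io, then performs the checks a relying party such as Vault's OIDC auth method does before trusting the claims (signature, issuer, audience, expiry) and maps the Okta groups claim to Vault policies using the vault_ prefix from this tutorial. The issuer URL, client id, user, and shared secret are constructed placeholders; real Okta tokens are RS256-signed and verified against Okta's published JWKS, and HS256 is used here only so the example runs offline with the standard library.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional, Tuple

# Constructed shared secret for the offline demo. Okta really signs ID tokens
# with RS256 and Vault fetches the public key from the discovery/JWKS endpoint.
SAMPLE_SECRET = b"constructed-example-secret"

# Constructed values standing in for the Okta Authorization Server and the
# client id of the Okta application created for Vault.
ISSUER = "https://example.okta.com/oauth2/default"   # assumed
CLIENT_ID = "vault-client-id"                           # assumed

# Operator-defined mapping: only Okta groups starting with vault_ are
# considered, and each known group grants a set of Vault policies.
GROUP_PREFIX = "vault_"
GROUP_POLICIES: Dict[str, List[str]] = {"vault_admins": ["admin"]}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(claims: dict, secret: bytes = SAMPLE_SECRET) -> str:
    """Build a compact JWT (header.payload.signature) signed with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def split_token(token: str) -> Tuple[dict, dict, bytes, str]:
    """Return decoded header, decoded claims, raw signature and signed bytes."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    return header, claims, b64url_decode(sig_b64), f"{header_b64}.{payload_b64}"


def verify_token(token: str, secret: bytes = SAMPLE_SECRET,
                 now: Optional[float] = None) -> dict:
    """Checks a verifier performs before trusting claims: algorithm pinned,
    signature valid, issuer and audience match, token not expired."""
    header, claims, sig, signing_input = split_token(token)
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("signature mismatch")
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("audience mismatch")
    current = time.time() if now is None else now
    if current >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def policies_for_claims(claims: dict) -> List[str]:
    """Map the groups claim to Vault policies, honouring the vault_ filter."""
    policies = set()
    for group in claims.get("groups", []):
        if group.startswith(GROUP_PREFIX):
            policies.update(GROUP_POLICIES.get(group, []))
    return sorted(policies)


def sample_claims(now: float) -> dict:
    """Constructed claims resembling what the Token Preview tab shows."""
    return {
        "iss": ISSUER,
        "aud": CLIENT_ID,
        "sub": "alice@example.com",          # constructed user
        "iat": int(now),
        "exp": int(now) + 3600,
        "groups": ["Everyone", "vault_admins"],
    }


if __name__ == "__main__":
    token = make_token(sample_claims(time.time()))
    verified = verify_token(token)
    print(json.dumps(verified, indent=2))
    print("policies:", policies_for_claims(verified))
```

The group filter is deliberately applied after signature, issuer, audience and expiry checks: a groups claim is only meaningful once the token is known to come from your Okta Authorization Server and to be intended for your Vault client, which is why Vault lets you bind a role to a specific audience and issuer.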
