
Problem statement: I want to authenticate Vault users with Okta (OIDC), but I want to have one more level of authentication at the Vault level.

I have successfully integrated okta_group with a Vault group (external) and set up policies for that group.

It works fine as expected.

My current OIDC config -

vault write auth/oidc/role/default \
  bound_audiences="XXXX" \
  allowed_redirect_uris="http://localhost:8200/ui/vault/auth/oidc/oidc/callback" \
  user_claim="sub" \
  policies="default" \
  groups_claim="groups" \
  oidc_scopes="groups"

When a user logs in, Vault creates an entity, but it does not contain any metadata (username, email, and so on). What settings can I use in the OIDC config to get more details?

pythonhmmm
  • Do you mean that when a user signs in with OIDC (Okta), they will automatically be assigned certain groups/policies dynamically? – Saikat Chakrabortty May 22 '21 at 01:26
  • If dynamic is not possible, I am OK with adding them to an internal group. The question is: how do I add a particular user to a Vault entity and entity alias? The overall idea is to have one more level of security for super-duper secrets. – pythonhmmm May 23 '21 at 05:04
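Added illustration (this is not Vault's code and not part of the question or its comments): the OIDC role below carries Vault's real `claim_mappings` parameter, which copies ID-token claims onto the entity alias as metadata, and `bound_claims`, which refuses the login unless the token carries a required claim value (the second gate the asker is after). The mapping logic is a local re-implementation written here to show what lands on the alias; the role field names are Vault's, while the client ID, group name and the ID-token claims are constructed sample values.

```python
"""Simulate how a Vault OIDC role's claim_mappings and bound_claims act on an
ID token. Local illustration only; Vault performs these steps server-side."""
from typing import Any

# Role configuration the asker could write to auth/oidc/role/default.
# bound_audiences and the group name are placeholders, not real values.
OIDC_ROLE_CONFIG = {
    "bound_audiences": ["PLACEHOLDER_OKTA_CLIENT_ID"],
    "allowed_redirect_uris": ["http://localhost:8200/ui/vault/auth/oidc/oidc/callback"],
    "user_claim": "sub",
    "groups_claim": "groups",
    # "groups" alone yields no email/name; ask Okta for the profile scopes too.
    "oidc_scopes": ["openid", "profile", "email", "groups"],
    "policies": ["default"],
    # token claim -> metadata key on the entity alias
    "claim_mappings": {
        "email": "email",
        "name": "name",
        "preferred_username": "username",
    },
    # extra gate: only tokens listing this group may use the role at all
    "bound_claims": {"groups": ["vault-admins"]},
}

# Constructed sample ID-token claims, roughly what Okta issues for the scopes above.
SAMPLE_ID_TOKEN_CLAIMS = {
    "iss": "https://example.okta.com/oauth2/default",
    "aud": "PLACEHOLDER_OKTA_CLIENT_ID",
    "sub": "00uCONSTRUCTEDSUBJECT",
    "email": "alice@example.com",
    "name": "Alice Example",
    "preferred_username": "alice@example.com",
    "groups": ["Everyone", "vault-admins"],
}


def get_claim(claims: dict, spec: str) -> Any:
    """Resolve a plain claim name, or a JSON-pointer style path such as
    "/profile/department" for a nested claim (Vault accepts that syntax too)."""
    if not spec.startswith("/"):
        return claims.get(spec)
    node: Any = claims
    for part in spec.strip("/").split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def alias_metadata(claims: dict, role: dict) -> dict:
    """Build the metadata that claim_mappings would place on the entity alias.
    Only scalar claims are copied; lists/objects are skipped (assumption for
    this illustration: alias metadata values must be plain strings)."""
    metadata = {}
    for claim, key in role["claim_mappings"].items():
        value = get_claim(claims, claim)
        if value is None or isinstance(value, (list, dict)):
            continue
        metadata[key] = str(value)
    return metadata


def passes_bound_claims(claims: dict, role: dict) -> bool:
    """Every bound claim must match at least one allowed value; a list-valued
    claim (such as groups) matches if any element is allowed."""
    for claim, allowed in role["bound_claims"].items():
        value = get_claim(claims, claim)
        present = value if isinstance(value, list) else [value]
        if not any(v in allowed for v in present):
            return False
    return True


def simulate_login(claims: dict, role: dict) -> dict:
    """Return the outcome: whether the role admits the token, the alias name
    taken from user_claim, the alias metadata and the groups Vault would use
    to resolve external-group membership."""
    if claims.get("aud") not in role["bound_audiences"]:
        return {"allowed": False, "reason": "audience mismatch"}
    if not passes_bound_claims(claims, role):
        return {"allowed": False, "reason": "bound_claims not satisfied"}
    return {
        "allowed": True,
        "alias_name": get_claim(claims, role["user_claim"]),
        "metadata": alias_metadata(claims, role),
        "groups": get_claim(claims, role["groups_claim"]) or [],
    }


if __name__ == "__main__":
    print(simulate_login(SAMPLE_ID_TOKEN_CLAIMS, OIDC_ROLE_CONFIG))
```

On the CLI a map-typed parameter is given by repeating the flag, so the mapping above becomes `claim_mappings=email=email claim_mappings=name=name claim_mappings=preferred_username=username` on the `vault write auth/oidc/role/default` command, alongside `oidc_scopes="openid,profile,email,groups"` and `bound_claims` for the gate. The metadata is attached to the entity alias rather than to the entity itself, so it is visible under the alias in the Vault UI or via `vault read identity/entity-alias/id/<alias id>`.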

0 Answers