Enabling Okta backend via API


adam....@motorolasolutions.com

Mar 22, 2017, 4:14:59 PM
to Vault
The documentation (https://www.vaultproject.io/docs/auth/okta.html) shows how to do it from the CLI. I've taken my best guess at doing it via the API:


curl -k -X POST -H "x-vault-token":"$VAULT_TOKEN" "$VAULT_ADDR/v1/sys/auth/okta" -d '{"type":"okta"}'

but I get the following error:

{"errors":["unknown backend type: okta"]}


What am I doing wrong?



Jeff Mitchell

Mar 22, 2017, 4:23:05 PM
to Vault
Hi Adam,

Which version of Vault? Okta didn't appear until 0.6.5.

Best,
Jeff

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/0b9830ea-3225-4668-aa16-62556e237231%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Adam Lewis

Mar 22, 2017, 4:26:44 PM
to vault...@googlegroups.com
ah!  6.4.  tx :-)

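
The version mismatch diagnosed above, turned into a pre-flight check (an added example, not code from the thread or from the Vault project): it reads the server version from /v1/sys/health and only then posts to /v1/sys/auth/okta. It assumes sys/health reports a "version" field and that VAULT_CACERT names the server's CA bundle, used here in place of -k so the token is sent only over a verified TLS connection; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: /v1/sys/health returns a
# "version" field, and VAULT_CACERT names the CA bundle for the Vault server.

OKTA_MIN_VERSION="0.6.5"   # from the reply above: Okta first appeared in 0.6.5

# Print the "version" value from a sys/health JSON body read on stdin.
health_version() {
  sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# version_ge A B: succeed when dotted version A >= B, compared numerically
# per component; suffixes such as -rc1 or +ent are ignored.
version_ge() {
  va=${1%%[-+]*}; vb=${2%%[-+]*}
  for _n in 1 2 3; do
    x=${va%%.*}; y=${vb%%.*}
    if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
    if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
    case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
  done
  return 0
}

# okta_supported JSON: succeed only when the reported version can mount okta.
# Leaves the parsed version in $v; a missing or malformed version is refused.
okta_supported() {
  v=$(printf '%s\n' "$1" | health_version)
  case $v in [0-9]*.[0-9]*.[0-9]*) ;; *) return 2 ;; esac
  version_ge "$v" "$OKTA_MIN_VERSION"
}

# Talk to the server only when invoked as: ./script enable
if [ "${1:-}" = "enable" ]; then
  health=$(curl -sS --cacert "$VAULT_CACERT" "$VAULT_ADDR/v1/sys/health") || exit 1
  if okta_supported "$health"; then
    curl -sS --cacert "$VAULT_CACERT" -X POST \
      -H "X-Vault-Token: $VAULT_TOKEN" \
      -d '{"type":"okta"}' "$VAULT_ADDR/v1/sys/auth/okta"
  else
    echo "server version '$v' cannot mount okta (needs >= $OKTA_MIN_VERSION)" >&2
    exit 1
  fi
fi
```
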

adam....@motorolasolutions.com

Apr 7, 2017, 11:32:11 AM
to Vault
I've since upgraded to v7.0 and have successfully enabled the Okta backend.

I have Okta set up only with the organization - I am not currently using an Okta token to get Okta groups. When I attempt to log on to Okta:

curl -k $VAULT_ADDR/v1/auth/okta/login/MY_USERNAME -d '{ "password": "MY_PASSWORD" }'

The response is:

{"errors":["user is not a member of any authorized policy; additionally, no Okta groups found; only policies from locally-defined groups available"]}

It seems I need to add my Okta user to one or more policies (makes sense), but the documentation (https://www.vaultproject.io/docs/auth/okta.html) only talks about policy mapping between Okta groups and Vault policy.

Is there a way I can create a policy in Vault and simply add the Okta user to that policy?

tx
adam