Version: 15.x

Okta Service Reference Documentation

Warning Backing up production instances, environments, and/or settings before making permanent modifications is encouraged as a best practice. Doing so allows you to roll back to an existing state if needed.

The following snippet shows the full YAML configuration of the Okta Service as it would appear in the teleport.yaml configuration file:

okta_service: enabled: yes api_endpoint: https://example.okta.com/ api_token_path: /path/to/api/token

Full YAML spec of Okta import rule resources managed by tctl resource commands:

kind: okta_import_rule version: v1 metadata: name: test-rule description: "Okta import rule for admins" spec: priority: 10 mappings: - match: - app_ids: [ "app1" , "app2" ] add_labels: app_label: app_label_value - match: - group_ids: [ "group1" , "group2" ] add_labels: label1: value1 - match: - app_name_regexes: [ "^okta.*$" , "app*" ] add_labels: app_label: app_label_value - match: - group_name_regexes: [ "^okta.*$" , "app*" ] add_labels: label1: value1

You can create a new okta_import_rule resource by running the following commands, which assume that you have created a YAML file called okta-import-rule.yaml with your configuration:

tsh login --proxy=teleport.example.com --user=myuser tctl create -f okta-import-rule.yaml

These objects are internally facing and are not intended to be modified by users. However, you can query them for informational or debugging purposes.

Full YAML spec of Okta assignment resources queried by tctl resource commands:

kind: okta_assignment version: v1 metadata: name: test-assignment spec: user: [email protected] targets: - type: application id: "123456" - type: group id: "234567" status: pending

This section shows CLI commands relevant for managing Okta Service behaviors.

Lists available Okta import rules.

tctl get okta_import_rules

Gets an individual Okta import rule.

tctl get okta_import_rules/my-import-rule

Removes an individual Okta import rule.

tctl rm okta_import_rules/my-import-rule

Lists available Okta assignments.

tctl get okta_assignments

Gets an individual Okta assignment.

tctl get okta_assignments/my-assignment

If the Teleport applications UI isn't displaying any Okta applications, ensure that the Okta API token and endpoint are correct in the Okta service.