Adds a prototype SCIM-Only-Okta-Integration install guide #41458
base: branch/v15
🤖 Vercel preview here: https://docs-bl8ziy62b-goteleport.vercel.app/docs/ver/preview
Let's just make this a normal guide without being dev-build specific, otherwise looks good.
## Before you begin | ||
This test involves upgrading to a dev build of Teleport 15 - back up your | ||
cluster config & back-end data just in case. |
I would remove this, the goal for this is to just become a regular guide in the docs. I will share the dev build with interested customers as needed before this makes it into an actual release.
* Enterprise Teleport Dev Build `v15.3.2-dev.scim.1`, available via | ||
* AMD64 linux: https://cdn.teleport.dev/teleport-ent-v15.3.2-dev.scim.1-linux-amd64-bin.tar.gz | ||
* Arm64 linux: https://cdn.teleport.dev/teleport-ent-v15.3.2-dev.scim.1-linux-arm64-bin.tar.gz | ||
* Multiarch Docker image (with debug tools): public.ecr.aws/gravitational/teleport-ent-distroless-debug:15.3.2-dev.scim.1 |
Similar to above, I would remove the mention of a dev build.
Left some comments after second pass.
If you created an Okta SAML connector with the Hosted Okta Integration enrollment | ||
flow, it will have created a SAML Connector called okta-integration that assigns | ||
users the okta-requester to the Okta group Everyone. |
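Review bot: The clause "assigns users the okta-requester to the Okta group Everyone" in the last two lines is missing the word "role" and reads as if users are being assigned to a group rather than a role being mapped from one. Suggest "assigns the `okta-requester` role to members of the Okta group `Everyone`", with the connector name `okta-integration`, the role and the group all in code formatting. Because the mapping covers the whole `Everyone` group, it is worth stating that scope explicitly so readers know who receives the role.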
This part is slightly confusing - if you have hosted Okta integration configured, you already have SCIM enabled so why would you be going through the standalone SCIM guide?
example below. Note the role mapping that grants the requester role to the | ||
`Everyone` group in Okta. |
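Review bot: In "grants the requester role to the `Everyone` group", the group is in code formatting but the role is only described, so a reader cannot match it against the connector example. Suggest giving the exact role name in backticks, and saying whether this mapping is required or only illustrative.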
This phrasing is slightly confusing - is it a requirement to have the role mapping for "everyone" set up, or just an example and users can use any existing connector they have?
Co-authored-by: Roman Tkachenko <roman@goteleport.com>
🤖 Vercel preview here: https://docs-42zadpvv4-goteleport.vercel.app/docs/ver/preview
No description provided.