mirror of
https://github.com/netbirdio/docs.git
synced 2026-04-22 02:16:37 +00:00
import {
    Note
} from "@/components/mdx";

# Provision Users and Groups From Okta

Okta is a cloud-based identity and access management (IAM) platform that centralizes user and customer profiles to enhance
security and streamline access. It offers features like multifactor authentication, single sign-on, and lifecycle
management to help organizations manage user identities effectively.

NetBird's Okta integration enhances user management by allowing you to utilize Okta as your identity provider.
This integration automates user authentication in your network, adds SSO and MFA support, and simplifies managing network access
to your applications and resources.

The integration process consists of two stages: first, you’ll set up OpenID Connect (OIDC) to enable Single Sign-On (SSO)
from NetBird's login page using Okta credentials. Next, you’ll configure SCIM (System for Cross-domain Identity Management)
to synchronize users and groups smoothly.

## Get Started with NetBird-Okta Integration

To set up SSO, go to `Integrations` in the NetBird admin console's left menu to access the Identity Provider integration page. Click the `Connect Okta` button to get started with the Okta-NetBird integration. This will open a pop-up window with detailed instructions on synchronizing NetBird and Okta.

## Prerequisites

Before you begin the integration process, ensure you have the [necessary permissions in Okta](https://help.okta.com/en-us/content/topics/security/administrators-admin-comparison.htm). You need an Okta user account with one of the following roles:

* Super Admin
* Org Admin
* Group Admin

To check your user permissions in Okta:

* Log in to your Okta **admin** dashboard.
* Expand `People` in the left menu.
* Select your user.
* Navigate to the `Admin roles` tab.

Confirm that you have one of the required roles before proceeding with the integration.

## Installing the NetBird Integration

Once you have the necessary permissions, you can set up the NetBird application. First, on NetBird, click `Continue →` to show a summary of the necessary steps.

Let's go through them one by one:

* In Okta’s admin dashboard, click `Applications` in the left menu.
* Select `Applications` from the submenu.
* Click the `Browse App Catalog` button.

In the app catalog, enter "NetBird" in the search bar. Then, click the `Add Integration` button.

Accept the default application name and click the `Done` button. On the next screen, click the `Assign` dropdown and select `Assign to People`.

You will see a list of users. Find your user account, click `Assign`, and save the changes. Verify your user is assigned to the NetBird app and click `Done`.

After that, you will see your user listed in the NetBird application.

## Configuring SSO in Okta

The next step is to configure Okta-NetBird SSO integration.

In NetBird, click the `Continue →` button. A new wizard screen will appear with instructions for retrieving Okta’s OpenID Connect credentials. You can click `Close` and navigate to Okta.

* Click on the `Sign On` tab on Okta. Look for `OpenID Connect` under `Sign on methods` in the `Settings` section.
* Copy the `Client ID` value.
* Copy the `Client Secret` value.

Store these credentials securely, as you will need them soon.

* Click `Edit` in the `Settings` section.
* In `Credential Details`, change the `Application username format` from `Okta username` to `Email`.
* Click the `Save` button.

* On the top right, click on your username.
* Copy your [Okta account domain](https://developer.okta.com/docs/guides/find-your-domain/main/).

The final step is to [send an email to the NetBird team](mailto:support@netbird.io) with the authentication information you just retrieved:

* Okta `Client ID`
* Okta `Client Secret`
* Okta account domain
* Okta primary email domain (usually your username)

You will receive an email once the NetBird team enables authentication for your account.

This completes the first stage, enabling Single Sign-On (SSO) from NetBird's login page using Okta credentials. Now, you can navigate to [app.netbird.io](https://app.netbird.io) and log in using [Okta Verify](https://help.okta.com/eu/en-us/content/topics/end-user/ov-overview.htm).

## Enabling Okta SCIM in NetBird

In NetBird, go to `Integrations > Identity Provider` and click on the `Connect to Okta` button.

You will see a reminder of the permissions your user will require in Okta. Click the `Get Started →` button to continue.

If you haven't already, you'll need to set up SSO in Okta. If you've completed the previous section, skip this step and click the `Continue →` button.

The next screen will show you how to enable NetBird API credentials in Okta. Copy the value of the `Authorization (Bearer)` token.

Navigate to the NetBird app in your Okta admin dashboard. Click the `Provisioning` tab, then select `Configure API Integration`.

Follow these steps:

* Check the box to enable API Integration.
* Enter your NetBird API Token.
* Click `Test API Credentials` to verify the SCIM connection.

If everything works as expected, you'll see the message "NetBird was verified successfully!". Click `Save` to continue.

## Configuring SCIM Provisioning to NetBird

On NetBird, click `Continue →`. You'll see instructions for configuring SCIM provisioning to NetBird.

Back in Okta, click `Edit`.

Enable Okta to create, update, and deactivate NetBird users by checking the corresponding boxes:

* Create Users
* Update User Attributes
* Deactivate Users

When done, click `Save`.

## Assigning NetBird Application to Okta Groups

In NetBird, click `Continue →`. You'll see the steps for assigning the NetBird integration to Okta groups.

* Navigate to the `Assignments` tab.
* As before, when you assigned your user to the NetBird app, click the `Assign` button.
* This time, select `Assign to Groups`.
* Select the Okta groups that you want to assign to the NetBird app.

Once you assign the desired groups, click `Done`. You'll see the selected groups listed in Okta.

## Push Okta Groups to NetBird

One more time, go to NetBird and click `Continue →`. You'll see the final instructions to push Okta groups to NetBird.

* In Okta, navigate to the `Push Groups` tab.
* Click the `Push Groups` button.
* Select `Find groups by name`.
* Search for specific groups to push to NetBird.

Once you finish, go back to NetBird and click `Finish Setup`. You can verify the synchronization by navigating to `Team > Users`.

The users listed in NetBird should match those you created in Okta.

<Note>
    SCIM provisioning will manage only resources that are created through Okta. Any resources created directly in NetBird will not be managed by SCIM.
</Note>

<Note>
    Synced groups will only be available for membership and will not change a user's role in NetBird.
</Note>

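To check that the users in NetBird match those in Okta from exported data rather than by eye, the following added example (not part of the NetBird docs or NetBird's code) reconciles the two lists by email, the value this guide sets as the application username format. The record shapes and field names (`email`, `status`, `active`) are assumptions for illustration, and the sample records are constructed.

```python
"""Reconcile Okta-assigned users against NetBird users after a SCIM sync.

Added example: the input shapes are assumed and the sample data is constructed.
"""


def _norm(email):
    # Compare email addresses case-insensitively and without padding.
    return email.strip().lower()


def reconcile(okta_users, netbird_users):
    """Return findings by category.

    okta_users:    [{"email": str, "status": "ACTIVE" | "DEPROVISIONED" | ...}]
    netbird_users: [{"email": str, "active": bool}]   (assumed export shape)
    """
    okta_all = {_norm(u["email"]) for u in okta_users}
    okta_active = {_norm(u["email"]) for u in okta_users if u["status"] == "ACTIVE"}
    nb_all = {_norm(u["email"]) for u in netbird_users}
    nb_active = {_norm(u["email"]) for u in netbird_users if u["active"]}
    return {
        # Active in Okta but absent from NetBird: provisioning has not run.
        "missing_in_netbird": sorted(okta_active - nb_all),
        # Not active in Okta but still active in NetBird: the deactivation
        # did not propagate.
        "stale_in_netbird": sorted((okta_all - okta_active) & nb_active),
        # Absent from the Okta export: likely created directly in NetBird,
        # so SCIM will not update or deactivate the account.
        "unmanaged_in_netbird": sorted(nb_all - okta_all),
    }


# Constructed sample exports.
OKTA_USERS = [
    {"email": "Alice@example.com", "status": "ACTIVE"},
    {"email": "bob@example.com", "status": "ACTIVE"},
    {"email": "carol@example.com", "status": "DEPROVISIONED"},
    {"email": "erin@example.com", "status": "DEPROVISIONED"},
]
NETBIRD_USERS = [
    {"email": "alice@example.com", "active": True},
    {"email": "carol@example.com", "active": True},
    {"email": "erin@example.com", "active": False},
    {"email": "dave@example.com", "active": True},
]

if __name__ == "__main__":
    for category, emails in reconcile(OKTA_USERS, NETBIRD_USERS).items():
        print(f"{category}: {emails}")
```

Accounts reported as `unmanaged_in_netbird` are the ones an Okta deactivation will not reach, so they need a separate offboarding step.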