|
@@ -17,6 +17,21 @@ Set up the auth itself first, docs [here](../authentication/oauth2.md) and [here
|
|
|
value: "role-name"
|
|
value: "role-name"
|
|
|
```
|
|
```
|
|
|
|
|
|
|
|
|
|
+#### Okta
|
|
|
|
|
+
|
|
|
|
|
+You can map Okta Groups to roles. First confirm that your okta administrator has included the `group` claim or the groups will not be passed in the auth token.
|
|
|
|
|
+
|
|
|
|
|
+Ensure `roles-field` in the auth config to `groups` and that `groups` is include in the `scope`, see [here](../authentication/oauth2.md###Okta) for more details.
|
|
|
|
|
+
|
|
|
|
|
+Configure the role mapping to the okta group:
|
|
|
|
|
+
|
|
|
|
|
+```yaml
|
|
|
|
|
+ subjects:
|
|
|
|
|
+ - provider: oauth
|
|
|
|
|
+ type: role
|
|
|
|
|
+ value: "<okta-group-name>"
|
|
|
|
|
+```
|
|
|
|
|
+
|
|
|
### Google
|
|
### Google
|
|
|
|
|
|
|
|
Set up google auth [first](../authentication/oauth2.md#google)
|
|
Set up google auth [first](../authentication/oauth2.md#google)
|
tweeks-reify