Managing applications with okta-sdk-java

Hi,

I’m looking to automate some of our internal processes, like creating Okta applications and assigning users, etc.

I’m using okta-sdk-api/impl/httpclient from mvn repository. However, it doesn’t appear that the okta-sdk-java repo in GitHub is up to date as of 0.10.0?

Specifically, I was looking to create/manage Applications. I noticed that User and Group have builders but I don’t see anything equivalent for Application. Is this a not yet released feature?

Thanks!

Hi @jopo, we support this:

We missed updating the readme to make it clear that we support these operations. I’ll have the team do that today.

Let us know any other questions!

Thanks! That was quite helpful.

More specifically, I’m trying to automate setting up SSO for AWS for various teams. Each AWS account has a corresponding app in Okta. I’m not sure which Application type would best apply. Looking at the JSON response from hitting the REST API /api/v1/apps/ directly, I would need an *ApplicationSettingsApplication that supports setting the awsEnvironmentType, identityProviderArn, etc… I was starting with SamlApplication.

Also, from the Okta UI, we are using an application template currently to do this manually. Are there any APIs to retrieve a template and apply only what is needed?

Our existing SAML app helps to automate much of this. If you simply enter which Accounts you’d like to connect your users to, Okta will provide a dynamic role picker of Accounts & Roles.

Have you tried that out? It’s all within the config guide within our SAML doc. Each user would then get a single AWS chiclet and, based on the groups they’re assigned to, be able to log in to whatever Roles you’d like within AWS.

Yes, from the Okta UI side of things I’m able to set everything up as needed to connect to AWS accounts. I’m trying to translate that to API calls so we can do this programmatically.

For instance, we have a template for AWS that we use in the UI. After creation, the apps API will return something like this (which is what I need to translate into the equivalent Okta Java SDK call):

{
    ...
    "accessibility": {
        "errorRedirectUrl": null,
        "loginRedirectUrl": null,
        "selfService": false
    },
    "credentials": {
        "signing": {
            "kid": "..."
        },
        "userNameTemplate": {
            "template": "${source.login}",
            "type": "BUILT_IN"
        }
    },
    "features": [],
    "label": "...",
    "name": "amazon_aws",
    "settings": {
        "app": {
            "accessKey": null,
            "appFilter": null,
            "awsEnvironmentType": "aws.amazon",
            "groupFilter": "aws_(?{{accountid}}\\d+)_(?{{role}}[a-zA-Z0-9+=,.@\\-_]+)",
            "identityProviderArn": "...",
            "loginURL": "https://console.aws.amazon.com/ec2/home",
            "overrideAcsURL": null,
            "roleValuePattern": "arn:aws:iam::${accountid}:saml-provider/OKTA,arn:aws:iam::${accountid}:role/${role}",
            "secretKey": null,
            "secretKeyEnc": null,
            "sessionDuration": 43200
        },
        "notifications": {
            "vpn": {
                "helpUrl": null,
                "message": null,
                "network": {
                    "connection": "DISABLED"
                }
            }
        },
        "signOn": {
            "audienceOverride": null,
            "defaultRelayState": null,
            "destinationOverride": null,
            "recipientOverride": null,
            "ssoAcsUrlOverride": null
        }
    },
    "signOnMode": "SAML_2_0",
    "status": "ACTIVE",
    "visibility": {
        "appLinks": {
            "login": true
        },
        "autoSubmitToolbar": true,
        "hide": {
            "iOS": false,
            "web": false
        }
    }
}
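
Added example, not part of the thread and not okta-sdk-java code: one way to create the `amazon_aws` app shown above by POSTing to `/api/v1/apps` with the JDK's own HTTP client. The environment variable names, the sample label and ARN, and the assumption that Okta fills in defaults for omitted fields are all assumptions of this example.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.regex.Pattern;

public class CreateAwsApp {
    // Expected shape of an IAM SAML provider ARN; rejects anything else before it reaches Okta.
    static final Pattern IDP_ARN = Pattern.compile("arn:aws:iam::\\d{12}:saml-provider/[\\w+=,.@-]+");

    // Escape a value for embedding in a JSON string literal.
    static String quote(String s) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') sb.append('\\').append(c);
            else if (c < 0x20) sb.append(String.format("\\u%04x", (int) c));
            else sb.append(c);
        }
        return sb.append('"').toString();
    }

    // Send only the fields we set ourselves (assumption: Okta defaults the rest).
    static String payload(String label, String idpArn, int sessionDuration) {
        if (!IDP_ARN.matcher(idpArn).matches())
            throw new IllegalArgumentException("not a SAML provider ARN: " + idpArn);
        return "{\"name\":\"amazon_aws\",\"label\":" + quote(label)
            + ",\"signOnMode\":\"SAML_2_0\",\"settings\":{\"app\":{"
            + "\"awsEnvironmentType\":\"aws.amazon\","
            + "\"identityProviderArn\":" + quote(idpArn) + ","
            + "\"loginURL\":\"https://console.aws.amazon.com/ec2/home\","
            + "\"sessionDuration\":" + sessionDuration + "}}}";
    }

    public static void main(String[] args) throws Exception {
        String org = System.getenv("OKTA_ORG_URL");     // hypothetical name, e.g. https://example.okta.com
        String token = System.getenv("OKTA_API_TOKEN"); // hypothetical name; keep the token out of source and logs
        // Constructed sample values, not taken from the thread.
        String body = payload("AWS - team-a", "arn:aws:iam::123456789012:saml-provider/OKTA", 43200);
        if (org == null || token == null) { System.out.println(body); return; } // dry run: print only
        if (!org.startsWith("https://")) throw new IllegalArgumentException("org URL must be https");
        HttpRequest req = HttpRequest.newBuilder(URI.create(org + "/api/v1/apps"))
            .header("Authorization", "SSWS " + token)
            .header("Content-Type", "application/json")
            .header("Accept", "application/json")
            .POST(HttpRequest.BodyPublishers.ofString(body))
            .build();
        HttpResponse<String> res = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
        System.out.println(res.statusCode() + " " + res.body());
    }
}
```

Without the two environment variables set, the program only prints the request body, which makes it easy to diff against the JSON returned for an app created from the UI template.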