See MDR MIgration to Sensu Go.txt file for more details

In version 5.16 the default password was removed in favor of a sensu-backend init with bash variables. 

Sen$uP@ssw0rd!

systemctl start sensu-backend
export SENSU_BACKEND_CLUSTER_ADMIN_USERNAME=YOUR_USERNAME
export SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD=YOUR_PASSWORD
sensu-backend init


sensuctl create --file filename.json

---
type: oidc
api_version: authentication/v2
metadata:
  name: oidc_okta
spec:
  additional_scopes:
  - groups
  client_id: <nope>
  client_secret: <nope>
  redirect_uri: https://sensu.msoc.defpoint.local:8000/api/enterprise/authentication/v2/oidc/callback
  server: https://mdr-multipass.okta.com
  groups_claim: groups
  groups_prefix: 'okta'
  username_claim: email
  username_prefix: 'okta'
  
#cluster role binding for okta
sensuctl cluster-role-binding create okta --cluster-role=cluster-admin --group=okta:mdr-admins
sensuctl cluster-role-binding create mdr-admin --cluster-role=mdr-admin --group=ldap:mdr-admins
  
sensuctl cluster-role-binding list


type: ClusterRoleBinding
api_version: core/v2
metadata:
  name: cluster-admin
spec:
  role_ref:
    name: cluster-admin
    type: ClusterRole
  subjects:
  - name: okta:group
    type: Group
    
    

running ldap search with basedn \"ou=groups, dc=mdr-multipass, dc=okta, dc=com\" and filter \"(\u0026(objectclass=groupOfNames)(uniqueMember=uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com))\"
ldapsearch -x -H ldaps://mdr-multipass.ldap.okta.com -b dc=mdr-multipass,dc=okta,dc=com -D "uid=ldap.read@defpoint.com,dc=mdr-multipass,dc=okta,dc=com" -W


# brad.poulton, users, mdr-multipass.okta.com
dn: uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: brad.poulton
uniqueIdentifier: 00u22ymdgdKPTDyR5297
organizationalStatus: ACTIVE
givenName: Brad
sn: Poulton
cn: Brad Poulton
mail: brad.poulton@accenturefederal.com
mobile: 4355126342


# mdr-admins, groups, mdr-multipass.okta.com
dn: cn=mdr-admins,ou=groups,dc=mdr-multipass,dc=okta,dc=com
objectClass: top
objectClass: groupofUniqueNames
cn: mdr-admins
uniqueIdentifier: 00g1m5jakrmiDwISV297
uniqueMember: uid=chris.lynch,ou=users,dc=mdr-multipass,dc=okta,dc=com
uniqueMember: uid=ryan.damour,ou=users,dc=mdr-multipass,dc=okta,dc=com
uniqueMember: uid=duane.waddle,ou=users,dc=mdr-multipass,dc=okta,dc=com
uniqueMember: uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com


Jan 14 23:48:51 sensu sensu-backend: {"component":"authentication/v2","level":"debug","msg":"running ldap search with basedn \"ou=groups, dc=mdr-multipass, dc=okta, dc=com\" and filter \"(\u0026(objectclass=groupOfNames)(uniqueMember=uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com))\"","time":"2020-01-14T23:48:51Z"}

brad-test
SensuA123