Okta -> Admin -> input username -> assign applications
Don't use the GUI for Okta tokens. Chris can generate a new Okta token with the correct user and access. Also, it is better to look in the bash history for Okta tokens.
Okta -> Reports -> Okta Password Health. Open with Brackets, not Excel.
Fred ignored the above advice and created an Okta API key for himself (Web UI: Admin -> Security -> API -> Create Token).
Then:
export OKTA_API_TOKEN=[token here]
terragrunt apply
Okta will rate limit us if we hit the API too frequently. This causes users to not be able to VPN in because the OpenVPN server cannot connect to the Okta API in a timely manner. To see if this is happening, you can log into Okta and look for a banner indicating the rate limiting. We also pull logs into Moose Splunk via the Okta API, so you can run the Splunk search below on Moose to see if we are getting errors. Finally, if you log into the OpenVPN server and see timeout errors, that is an indicator that Okta is rate limiting us on the Okta API.
index=_internal host=moose-splunk-hf* source=*okta* rate limit pausing operations
| timechart count
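The same check can be made from a terminal, because Okta reports rate-limit state in the X-Rate-Limit-Limit, X-Rate-Limit-Remaining and X-Rate-Limit-Reset response headers. This is an added example, not part of the original notes; the sample headers are constructed, and OKTA_ORG and the 10% warning threshold are assumptions.

```sh
#!/bin/sh
# Added example: classify Okta rate-limit state from saved response headers.
# stdin: raw HTTP headers (CRLF line endings, as curl -D writes them).
# $1:    current epoch seconds; defaults to now, passed in for saved captures.
okta_rate_status() {
    now="${1:-$(date +%s)}"
    tr -d '\r' | awk -v now="$now" '
        $1 ~ /^HTTP\// { status = $2 }      # last status line wins (redirects)
        {
            name = tolower($1)              # header names are case-insensitive
            if (name == "x-rate-limit-limit:")     limit = $2
            if (name == "x-rate-limit-remaining:") remaining = $2
            if (name == "x-rate-limit-reset:")     reset = $2   # epoch seconds
        }
        END {
            if (limit == "" || remaining == "" || reset == "") {
                print "UNKNOWN no rate-limit headers in response"
                exit
            }
            secs = reset - now
            if (secs < 0) secs = 0
            if (status == 429 || remaining == 0) state = "THROTTLED"
            else if (remaining * 10 < limit)     state = "WARNING"  # assumed 10% threshold
            else                                 state = "OK"
            printf "%s remaining=%d/%d resets_in=%ds\n", state, remaining, limit, secs
        }'
}

# Constructed sample: headers of a throttled (HTTP 429) response.
sample_throttled() {
    printf '%s\r\n' \
        'HTTP/1.1 429 Too Many Requests' \
        'X-Rate-Limit-Limit: 600' \
        'X-Rate-Limit-Remaining: 0' \
        'X-Rate-Limit-Reset: 1700000042' \
        ''
}

sample_throttled | okta_rate_status 1700000000

# Live use (OKTA_ORG is an assumed variable holding the org hostname; the
# request itself counts against the limit of the endpoint it calls):
#   curl -sS -D - -o /dev/null -H "Authorization: SSWS $OKTA_API_TOKEN" \
#     "https://$OKTA_ORG/api/v1/users?limit=1" | okta_rate_status
```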
# Okta user create log
index=auth sourcetype="OktaIM2:log" "Create okta user"