Hi!!!
Version: HashiCorp Vault 1.10.5
We have Vault with Okta auth, and have a case where a user is in 2 groups in Okta, meaning 2 groups in Vault with different policies:
Group Okta-Vault department: “department-rw,nono-rw,tech”
Group Okta-Vault team: “shipdflow-rw,team-rw,shipfoundations-rw,nono-rw,tech”
The user only takes the policies of the team, so my question is: how does the mapping between the user’s Okta groups and the Vault groups (with policies) work?
Can the user have more than one group?
Key Value
accessor xxxxxxxx
creation_time 1693491824
creation_ttl 2764800
display_name okta-xxxx
entity_id xxxxxxxx
expire_time 2023-10-02T14:23:44.956674348Z
explicit_max_ttl 0
id xxxx
issue_time 2023-08-31T14:23:44.956683767Z
meta {"policies":"list,shipdflow-rw,team-rw,shipfoundations-rw,nono-rw","username":"xxx"}
num_uses 0
orphan true
path auth/okta/login/xxx
policies ["default","list","shipdflow-rw","team-rw","shipfoundations-rw","nono-rw"]
renewable true
ttl 1484601
type service
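
A check for the mismatch described in the post, added here as an example (it is not part of the original post or of Vault itself): it compares the policies on the token from the lookup output with the two Okta group mappings. Treating the union of both groups as the expected result is an assumption of this example, as are the function names; the sample input is constructed from the values quoted above.

```python
import json

# Constructed from the group mappings quoted in the post.
GROUP_POLICIES = {
    "department": "department-rw,nono-rw,tech",
    "team": "shipdflow-rw,team-rw,shipfoundations-rw,nono-rw,tech",
}

# Constructed from the token lookup output quoted in the post (relevant rows only).
TOKEN_LOOKUP = """\
display_name okta-xxxx
meta {"policies":"list,shipdflow-rw,team-rw,shipfoundations-rw,nono-rw","username":"xxx"}
path auth/okta/login/xxx
policies ["default","list","shipdflow-rw","team-rw","shipfoundations-rw","nono-rw"]
"""


def token_policies(lookup_text):
    """Return the set of policies from the 'policies' row of the lookup output."""
    for line in lookup_text.splitlines():
        key, _, value = line.partition(" ")
        if key == "policies":
            return set(json.loads(value.strip()))
    raise ValueError("no 'policies' row in lookup output")


def audit(group_policies, lookup_text, implicit=("default",)):
    """Diff the token's policies against the group mappings (hypothetical helper)."""
    groups = {
        name: {p.strip() for p in mapping.split(",") if p.strip()}
        for name, mapping in group_policies.items()
    }
    # Assumption: a user in several groups should receive every group's policies.
    expected = set().union(*groups.values())
    # 'default' is attached to tokens implicitly, so it is not a mapping gap.
    actual = token_policies(lookup_text) - set(implicit)
    return {
        "missing": sorted(expected - actual),    # mapped to a group, absent from token
        "unmapped": sorted(actual - expected),   # on the token, in neither group
        "per_group_missing": {g: sorted(p - actual) for g, p in groups.items()},
    }


if __name__ == "__main__":
    print(json.dumps(audit(GROUP_POLICIES, TOKEN_LOOKUP), indent=2))
```

On the values quoted above it reports `department-rw` and `tech` as missing from the token, and `list` as present on the token without appearing in either group mapping.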