OIDC without Identity Backend

idcmp · March 23, 2020, 6:16pm

Is it possible to use the OIDC auth backend without relying on the identity backend to do group mappings? (I have a prototype working with Okta+OIDC+Identity External Groups); I’m hoping for something like the LDAP backend with its group->policies mapping.

We can’t use the Identity Backend because of: Shedding identity_policies but could really use OIDC to get true SSO.

dp-h · April 7, 2020, 1:25pm

If you are using Okta and do not need to pass additional OIDC claims like groups, but want LDAP Auth-style functionality, take a look at the Okta Auth Method: Okta - Auth Methods | Vault | HashiCorp Developer

Topic		Replies	Views
Setting up Okta as IdentityProvider with Open Source Vault? Vault	2	1205	March 5, 2020
Migrate from Okta-API-based auth to Okta-OIDC-based auth Vault	2	491	November 13, 2019
Authorization through OIDC and LDAP Vault	1	1070	February 16, 2020
Vault and OKTA OIDC config Vault	12	918	July 30, 2023
Vault as an OAuth/OIDC Identity Provider Vault	7	3217	December 13, 2021

OIDC without Identity Backend

Related topics