I know there is a https://www.vaultproject.io/docs/auth/okta/, but with open source Vault we cannot use it because we miss the Vault “mfa” feature.
Are there people out there using Vault together with Okta in some other way?
You can configure an Okta web app to respond to OIDC. By setting up the OIDC auth method in Vault, they work together. One limitation of OIDC is that it requires a web-based authentication as part of the standard. This is awkward if you’re ssh’d into a remote host that doesn’t have a web browser to do the auth workflow. You can, however, auth on your local system and take your token to the remote session.
I do wish that HashiCorp would just add all the missing functionality to the Okta auth plugin.
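The setup described in the answer above, sketched as an added example (not code from any poster in this thread or from HashiCorp). The Okta issuer `example.okta.com`, the Vault address `vault.example.com`, the role name `okta`, the `OKTA_*` variables and both function names are placeholders and assumptions.

```shell
# Added example: Okta as the OIDC provider for Vault's "oidc" auth method.
# Placeholders (assumptions): issuer, Vault URL, role "okta", OKTA_* variables.
OKTA_ISSUER="${OKTA_ISSUER:-https://example.okta.com}"
VAULT_UI="${VAULT_UI:-https://vault.example.com:8200}"

# Run once by a Vault admin.
configure_okta_oidc() {
  : "${OKTA_CLIENT_ID:?set to the Okta app client ID}"
  : "${OKTA_CLIENT_SECRET:?set to the Okta app client secret}"
  vault auth enable oidc || return 1
  # The secret is read from stdin ("-") so it never shows up in the process list.
  printf '%s' "$OKTA_CLIENT_SECRET" | vault write auth/oidc/config \
    oidc_discovery_url="$OKTA_ISSUER" \
    oidc_client_id="$OKTA_CLIENT_ID" \
    oidc_client_secret=- \
    default_role="okta" || return 1
  # Both redirect URIs must also be registered on the Okta web app:
  # the first is the CLI's local listener, the second is the Vault UI.
  vault write auth/oidc/role/okta \
    user_claim="sub" \
    bound_audiences="$OKTA_CLIENT_ID" \
    allowed_redirect_uris="http://localhost:8250/oidc/callback" \
    allowed_redirect_uris="$VAULT_UI/ui/vault/auth/oidc/oidc/callback" \
    token_policies="default" \
    token_ttl="1h"   # short TTL limits exposure of a token copied to another host
}

# Run on the workstation that has a browser; $1 is the browserless remote host.
push_token_to_host() (
  token="$(vault login -method=oidc -token-only role=okta)" || exit 1
  [ -n "$token" ] || exit 1
  # The token travels on stdin, not in argv, and lands in the CLI's default
  # token file with mode 0600. Run "vault token revoke -self" there when done.
  printf '%s' "$token" | ssh "$1" 'umask 077; cat > "$HOME/.vault-token"'
)
```
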
Definitely I’m gonna go in that direction. Thanks!
PS. It’s not “missing” functionality, it’s just legacy and supported only in Enterprise Vault.