impl

package
v0.1.1 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 25, 2019 License: MIT Imports: 10 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New() tree.Plugin

New will return a plugin fully provisioned and ready to go.

Types

type OktaPlugin

type OktaPlugin struct {
	tree.NullPlugin
	// contains filtered or unexported fields
}

OktaPlugin is the implementation of the plugin that can talk to both netauth and to Okta.

func (OktaPlugin) EntityCreate

func (o OktaPlugin) EntityCreate(e, de pb.Entity) (pb.Entity, error)

EntityCreate propagates entity creation events. This makes certain assumptions about how the Okta logins are set up and how usernames are provisioned.

func (OktaPlugin) EntityDestroy

func (o OktaPlugin) EntityDestroy(e pb.Entity) (pb.Entity, error)

EntityDestroy should never be used; deleting users is generally bad. If you must, this function will ensure that users in Okta have also been wiped.

func (OktaPlugin) EntityLock

func (o OktaPlugin) EntityLock(e pb.Entity) (pb.Entity, error)

EntityLock translates to a suspended entity in Okta.

func (OktaPlugin) EntityUnlock

func (o OktaPlugin) EntityUnlock(e pb.Entity) (pb.Entity, error)

EntityUnlock translates to a force un-suspend in Okta.

func (OktaPlugin) EntityUpdate

func (o OktaPlugin) EntityUpdate(e pb.Entity) (pb.Entity, error)

EntityUpdate pushes changes to the base entity profile, nothing else. Custom attributes are not supported in this plugin.

func (OktaPlugin) GroupCreate

func (o OktaPlugin) GroupCreate(g pb.Group) (pb.Group, error)

GroupCreate will create a matched group in Okta. Assigning applications to this group must still be done in Okta directly, but the group and its attributes are mapped from netauth.

func (OktaPlugin) GroupDestroy

func (o OktaPlugin) GroupDestroy(g pb.Group) (pb.Group, error)

GroupDestroy pushes the destruction of groups to Okta. It is recommended to never destroy a group, but if this is desired, this function will ensure the group is removed in Okta as well.

func (OktaPlugin) GroupUpdate

func (o OktaPlugin) GroupUpdate(g pb.Group) (pb.Group, error)

GroupUpdate is called to manage ongoing changes to a group. This function does not push membership changes.

func (OktaPlugin) PostSecretChange

func (o OktaPlugin) PostSecretChange(e, de pb.Entity) (pb.Entity, error)

PostSecretChange propagates the secret change directly to Okta via an administrative password change. Technically this pushes a plaintext password to Okta, and it's assumed that Okta will do the right thing with it. The alternative is syncing a hash (which is antithetical to the core design of netauth) or not syncing the change. Given that this is no different from an admin logging in and resetting the password, it's probably fine.
