Open levequej opened 2 years ago
Hi, any update concerning when/if this feature will be added to the roadmap?
I have successfully configured Okta to allow: "Login initiated by: Either Okta or App." https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm
In the Okta Admin Dashboard, go to your vault oidc webapp:
Login initiated by: Either Okta or App
Initiate login URI: https://vault.example.com/ui/vault/auth?with=oidc
(substitute vault.example.com with your vault cluster's domain).
Now, the Vault App shows up in the Okta Dashboard, and clicking on it takes the user to the vault login page with the oidc method selected. One gotcha with this approach is that you must be using the default mount path oidc, or the user will still have to specify that before they can click the "Sign in with Okta" button in Vault's UI (this shortcoming is covered by #10140).
Does that do what you want? What else is missing to fully support OIDC section 4?
Hello,
I'd like to have the option to use OIDC to initiate login from a 3rd party (Okta in my case), as described in Section 4 of the OpenID Connect 1.0 spec.
The use case would be for a vault user to be able to authenticate to vault through a click of a button via its Okta app dashboard. I guess it would also be required to have the possibility to pass the desired role (and oidc path maybe) in the request.
It seems this is not possible at the moment. Am I correct?
Thanks,
Julien
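
Added example, not part of the thread and not Vault's code: a sketch of the checks a relying party's login initiation endpoint applies to the OpenID Connect Core section 4 parameters (`iss` required, `login_hint` and `target_link_uri` optional), including the verification of `target_link_uri` that the spec requires so the endpoint cannot be used as an open redirector. The function name, the `trustedIssuer` and `rpHost` settings, and the sample issuer `https://example.okta.com` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// InitiateLogin holds the validated OIDC Core section 4 parameters.
type InitiateLogin struct {
	Issuer, LoginHint, Target string
}

// ParseInitiateLogin validates a third-party initiated login request.
// trustedIssuer and rpHost are hypothetical deployment settings.
func ParseInitiateLogin(rawQuery, trustedIssuer, rpHost string) (*InitiateLogin, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return nil, fmt.Errorf("malformed query: %w", err)
	}
	// iss is REQUIRED; accept only the issuer this client is registered with.
	iss := q.Get("iss")
	if iss == "" {
		return nil, errors.New("missing iss")
	}
	if iss != trustedIssuer {
		return nil, errors.New("untrusted iss")
	}
	out := &InitiateLogin{Issuer: iss, LoginHint: q.Get("login_hint")}
	// target_link_uri is OPTIONAL, but it must be verified so the endpoint
	// cannot be used as an open redirector to external sites.
	if t := q.Get("target_link_uri"); t != "" {
		u, err := url.Parse(t)
		if err != nil || u.Scheme != "https" || u.Host != rpHost || u.User != nil {
			return nil, errors.New("target_link_uri outside this relying party")
		}
		out.Target = u.String()
	}
	return out, nil
}

func main() {
	// Constructed request: issuer and hosts are sample values.
	q := "iss=https%3A%2F%2Fexample.okta.com&target_link_uri=https%3A%2F%2Fvault.example.com%2Fui%2Fvault%2Fauth%3Fwith%3Doidc"
	r, err := ParseInitiateLogin(q, "https://example.okta.com", "vault.example.com")
	fmt.Println(r, err)
}
```

After these checks pass, the relying party starts a normal authorization request to the validated issuer and only redirects to `Target` once authentication completes.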