Netbird selfhosted fails setup with Okta Integration

[TechIsCool]

Describe the problem

From a clean setup for self-hosted and leveraging Okta as the IDP we encountered that wt_account_id and wt_pending_invite seems to be added to Okta's default User Profile and is required under Profile enrollment. This impacts every application in Okta, not just the configured Applications that Netbird should be using. We were confused the first time we set this up. (luckily in a dev account).

After moving the wt_account_id and wt_pending_invite to the Applications Profile we got past the weird unknown value from a end users perspective when adding a device. After that we are still encountering a couple of errors.

From the Servers perspective

infrastructure_files-management-1  | 2023-07-20T00:48:53Z ERRO management/server/grpcserver.go:234: got an unhandled error: rpc error: code = Internal desc = unable to fetch account with claims, err: the API returned an error: Invalid search criteria.. Causes: errorSummary: Invalid search attribute.
The code line from the error above is management/server/grpcserver.go:234

From the Clients perspective:

╰─ netbird -l debug up --management-url https://<mydomain>:33073
Please do the SSO login in your browser.
If your browser didn't open automatically, use this URL to log in:

 https://dev-1234567.okta.com/activate?user_code=DK...

Error: waiting sso login failed with: rpc error: code = Internal desc = failed handling request

We never did succeed at getting a self-hosted version of Netbird running.

Pending questions we had

• wt_account_id isn't clearly defined is it even required?

  Might be Related

• 959

  We also asked in the slack channel here

[mlsmaycon]

Hello @TechIsCool the PR #1023 fixed the issue; we are hiding the parameters so it doesn't interfere with the user's regular authentication. We could not use the application profile with the API because of permissions reasons as it requires previous configuration.

Can you confirm and close the issue?