Hey, is there an option to use Okta groups to access control in Pritunl VPN?
If the answer is no - is there an option to attach multiple users to a static group from CLI instead of one by one in GUI ?
Thanks.
The Okta documentation explains how to configure setting the Pritunl organization from Okta.
Pritunl user groups can also be used by setting the groups SAML attribute with a comma separated list. When using user groups the groups option in the server settings must also be configured. Once user groups are configured a user must have a matching organization and group when connecting to a server.
Do you have an example on how to add a comma separated list of groups in Okta?
I’ve been trying and it always sends only 1 group.
The Okta Expression Language documentation has more information.
Hey this solution provide to me by Okta support and it works:
-
Firstly, you will need to create a custom attribute under Directory → Profile Editor → Profile (The one next to your application) → Add Attribute -->type:string array, name: groups, scope: user personal
-
You will need to create a mapping between Okta and the application. So go to the mappings of the app, select Okta to App and use the following expression:
String.join(“,”, isMemberOfGroupName(“Group1”) ? ‘Group1’ : ‘’, isMemberOfGroupName(“Group2”) ? ‘Group2’ : ‘’, isMemberOfGroupName(“Group3”) ? ‘Group3’ : ‘’)
You will need to adapt the expression based on your groups.
- Under the Sign On tab of the application, under “Attribute Statements”, you will need to add a new attribute and for Value, you will need to enter the same expression that you used at step 2
Good luck.