Follow these steps to analyze Okta objects with Cartography.
- Prepare your Okta API token.
  - Generate your API token by following the steps from the Okta Create An API Token documentation.
  - Populate an environment variable with the API token. You can pass the environment variable name via CLI with the `--okta-api-key-env-var` parameter.
- Use the CLI `--okta-org-id` parameter with the organization ID that you wish to query. The organization ID is the first part of the Okta URL for your organization.
- If you are using Okta to administer AWS as a SAML provider, then the module will automatically match OktaGroups to the AWSRole they control access for.
  - If you are using a regex other than the standard Okta group-to-role regex `^aws\#\S+\#(?{{role}}[\w\-]+)\#(?{{accountid}}\d+)$` defined in Step 5: Enabling Group Based Role Mapping in Okta, then you can specify your regex with the `--okta-saml-role-regex` parameter.
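
To check whether the standard regex fits your group naming before choosing a value for `--okta-saml-role-regex`, the following added example (not Cartography's own code) applies the regex to a list of group names and reports which ones map to a role and which AWS-looking names it misses. It assumes the `(?{{role}}...)` and `(?{{accountid}}...)` placeholders stand for named capture groups; the function names and sample group names are hypothetical.

```python
import re
from typing import Optional

# Standard Okta group-to-role regex, exactly as quoted above.
STANDARD_REGEX = r"^aws\#\S+\#(?{{role}}[\w\-]+)\#(?{{accountid}}\d+)$"

def compile_mapping_regex(template: str) -> re.Pattern:
    """Turn the (?{{name}}...) placeholders into Python named groups."""
    # Assumption: {{role}} and {{accountid}} are the only placeholders used.
    pattern = template.replace("{{role}}", "P<role>").replace("{{accountid}}", "P<accountid>")
    return re.compile(pattern.strip())

def group_to_role_arn(group_name: str, regex: re.Pattern) -> Optional[str]:
    """Return the IAM role ARN a group name maps to, or None if it does not match."""
    m = regex.search(group_name)
    if m is None:
        return None
    return f"arn:aws:iam::{m.group('accountid')}:role/{m.group('role')}"

def audit_groups(group_names, template=STANDARD_REGEX):
    """Split group names into mapped ARNs and AWS-looking names the regex misses."""
    regex = compile_mapping_regex(template)
    mapped, unmatched = {}, []
    for name in group_names:
        arn = group_to_role_arn(name, regex)
        if arn:
            mapped[name] = arn
        elif name.lower().startswith("aws"):
            unmatched.append(name)  # probably meant as a role group; review the regex
    return mapped, unmatched

# Constructed sample group names (not from a real org).
SAMPLE_GROUPS = [
    "aws#prod#ReadOnly#123456789012",
    "aws#dev#break-glass_admin#210987654321",
    "aws#prod#ops.team#123456789012",  # '.' is valid in IAM role names but not in [\w\-]
    "aws_prod_ReadOnly_123456789012",  # different naming scheme
    "Engineering",
]

if __name__ == "__main__":
    mapped, unmatched = audit_groups(SAMPLE_GROUPS)
    for name, arn in mapped.items():
        print(f"{name} -> {arn}")
    for name in unmatched:
        print(f"UNMATCHED: {name}")
```

Any name reported as unmatched is a group that would not be linked to a role under that regex, so pass a template that covers it as the second argument and rerun before setting the CLI parameter.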