APIC Okta integration with user role

loichoonho · ‎02-09-2021

Hi,

I am trying to integrate APIC user authentication with OKTA for 2FA. The official guide does provide enough information upto the 2FA part. However, the group assignment (RBAC) for user is too brief. It seems to be related to CiscoAVPair Attribute statement in Okta.

Have the following question:

1) What is the CiscoAVPair value should be define in the OKTA?

2) How to correlate the define group in APIC with okta group

Thanks

agsergio · ‎02-09-2021

For Cisco AV Pair you can use the same for the external authentication server:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/security/b-Cisco-APIC-Security-Configuration-Guide-411/b-Cisco-APIC-Security-Configuration-Guide-411_chapter_0100.html

alfafa973 · ‎02-20-2022

Hi,

Did you manage to setup the AV Pair in Okta to get the authorisation working?

I'm facing the same issue you described. I can authenticate the user with Okta but i'm not sure how/whre to pass the AAV pair so the user can get access to the APIC using the required role.

Thank you.