02-19-2022 11:05 AM
Hi all,
Does someone have a step-by-step guide for Okta integration with Cisco APIC?
I'm interested in the Okta side. I've set up a free Okta account for testing, but I can't get it working.
The authentication is fine (from the Okta logs), but I believe the authorization doesn't work, so after authentication I'm sent back to the APIC login screen.
Thank you.
02-22-2022 05:26 PM
Need more info. Which versions are you running, for starters?
Robert
02-23-2022 02:05 AM
Good morning,
I'm running version 5.2.3g.
I've been following the guide below:
However, the authorisation section is a bit unclear about the Cisco AV pair to be set up on the Okta application (obviously, it is on Okta, not APIC, so that is why the documentation on how to do it is not there).
On Cisco ISE, for example (RADIUS/TACACS authentication/authorisation), you need to add an AV pair like shell:domains = all/admin to grant the user the read/write privilege. On Okta, I'm not sure where to do it, but I will investigate further.
Finally, on the APIC (SSH, not GUI), I wasn't able to find any logs pointing me to a missing or misconfigured AV pair, but maybe I wasn't looking at the right log files. Any assistance there would be helpful too.
Thank you very much.
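The AV pair quoted in the post above, parsed to show what it would grant before it is placed in an identity provider. This is an added example, not part of the thread and not Cisco or Okta code; the `domain/writeRoles/readRoles` layout with `|`-separated roles and an optional trailing `(uid)` is assumed from Cisco's documented APIC AV pair format, and `parse_avpair` and `findings` are hypothetical helper names.

```python
import re

# Assumed grammar (not stated in the thread):
#   shell:domains = <domain>/<write roles>/<read roles>[,<domain>/...][(<unix uid>)]
AVPAIR_RE = re.compile(
    r"^\s*shell:domains\s*=\s*(?P<body>[^()]+?)\s*(?:\((?P<uid>\d+)\))?\s*$")

def parse_avpair(value):
    """Return {'uid': int or None, 'domains': {name: {'write': [...], 'read': [...]}}}."""
    m = AVPAIR_RE.match(value)
    if not m:
        raise ValueError("not a shell:domains AV pair: %r" % value)
    domains = {}
    for entry in m.group("body").split(","):
        fields = [f.strip() for f in entry.strip().split("/")]
        if not 2 <= len(fields) <= 3 or not fields[0]:
            raise ValueError("expected domain/write/read, got %r" % entry)
        fields += [""] * (3 - len(fields))  # tolerate the two-field form used in the post
        name, write, read = fields
        roles = {"write": [r for r in write.split("|") if r],
                 "read": [r for r in read.split("|") if r]}
        if not roles["write"] and not roles["read"]:
            raise ValueError("domain %r grants no role" % name)
        domains[name] = roles
    uid = int(m.group("uid")) if m.group("uid") else None
    return {"uid": uid, "domains": domains}

def findings(value):
    """Least-privilege notes: flag every domain where 'admin' is a write role."""
    notes = []
    for name, roles in parse_avpair(value)["domains"].items():
        if "admin" in roles["write"]:
            scope = "every security domain" if name == "all" else "domain %r" % name
            notes.append("admin write access on " + scope)
    return notes

if __name__ == "__main__":
    # Constructed sample values; only the first appears in the thread.
    for sample in ("shell:domains = all/admin",
                   "shell:domains = tenantA/tenant-admin|ops/read-all,common//read-all(16003)",
                   "shell:domain = all/admin"):
        try:
            print(sample, "->", parse_avpair(sample), findings(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```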
09-24-2023 11:51 AM
Did you ever figure the AV pairs out with Okta?