Okta Integration with Cisco APIC

alfafa973
Level 1

Hi all,

Does someone have a step-by-step guide related to Okta integration with Cisco APIC?

I'm interested in the Okta side. I've set up a free Okta account for testing but I can't get it working.

The authentication is fine (from the Okta logs) but I believe the authorization doesn't work, so after authentication I'm sent back to the APIC login screen.

Thank you.

3 Replies

Robert Burns
Cisco Employee

Need more info. Which versions are you running, for starters?

Robert

Good morning,

I'm running version 5.2.3g.

I've been following the guide below:

Cisco APIC Security Configuration Guide, Release 5.2(x) - RADIUS, TACACS+, LDAP, RSA, SAML, OAuth 2, and DUO [Cisco Application Policy Infrastructure Controller (APIC)] - Cisco

However, the authorisation section is a bit unclear about the Cisco AV pair to be set up on the Okta application (obviously, it is on Okta, not APIC, so that is why the documentation on how to do it is not there).

On Cisco ISE, for example (RADIUS/TACACS authentication/authorisation), you need to add the AV pair like shell:domains = all/admin to grant the user the read/write privilege. On Okta, I'm not sure where to do it, but I will investigate further.

Finally, on the APIC (SSH, not GUI), I wasn't able to find any logs to point me to a missing AV pair or misconfigured AV pair, but maybe I wasn't looking at the right log file. Any assistance there would be helpful too.

Thank you very much.

Did you ever figure the AVPairs out with OKTA?
