Integrating Icinga2 with OKta

We are looking into methods on how to integrate icinga2 with Okta; possibilities found so far:

Configuring authentication as LDAP: https://www.okta.com/blog/2018/09/move-ldap-authentication-to-the-cloud-with-oktas-ldap-interface/
Configuring authentication as external, and install a proxy: https://stackoverflow.com/questions/50831044/azuread-authentication-to-icingaweb2

we use Okta as an authentication server for single-sign on, every application we have is connected with Okta.

Okta has an API feature where it provides operations to manage users in the organization. As for integration, Okta can be implemented with oauth2.0 as shown here: https://developer.okta.com/authentication-guide/implementing-authentication/
My question is, what is the best option to integrate icingaweb with Okta? should I setup icinga for basic authentication (external), and create a proxy to direct traffic to Okta, or should I go for a more secure option such as LDAP or Active Directory?

Can you please someone advise on this?

I believe you kind of answered your own question in there.
As you already have an SSO and want a secure way, your best way is to use the OKTA Directory-as-a-service and connect the IcingaWeb2 to that LDAP connection.

Regards

1 Like

To work with Okta with Icinga2… I should integrate Icingaweb2 with LDAP connection inside right?

I am still in confusion… Can you please advise the list of steps that exactly i should follow to integrate okta with Icingaweb2 for authentication?

I’d say none of us here ever used Okta, but hearing that there is an LDAP/AD interface exists would make the connection. Check the docs for specific attributes, the settings for LDAP can be specified as resource and auth provider.

I doubt that a step-by-step guide exists, and personally, I don’t like the way of asking for that every time in this open source community. I’d suggest to try things as suggested and learn as you test things.

Cheers,
Michael

thanks for your help