gp-okta.conf

# --- general
#debug = 0
okta_url = https://company.okta.lan
vpn_url = https://vpn.company.lan
# use Okta Identity Engine (enabled by default)
#okta_oie = 1

# "gateway_url" forces authentication with specific gateway.
#gateway_url = https://ny1-gw.my.lan
# "another_dance" (0/1) defines whether to do second authentication, i.e.,
# after authentication with portal, do another authentication with gateway.
#another_dance = 0

username = myuser
password = mypass
# "gateway" is a preferred gateway selection, which portal asks for.
gateway = NEWYORK1-GW

# --- multi-factor authentication
#mfa_order = totp sms push webauthn
#sms.okta = 0
#totp.okta = ABCDEFGHIJKLMNOP
#totp.google = ABCDEFGHIJKLMNOP
#totp.symantec = ABCDEFGHIJKLMNOP

# --- certificates
# any defined "*_cert" is path to readable and unencrypted certificate file.
# "vpn_url_cert" and "okta_url_cert" are used to verify relevant URLs.
# "vpn_cli_cert" and "okta_cli_cert" are used as client certificate.
# any other "*_cert" and "vpn_url_cert" will be added to certs (see below).
#
#okta_url_cert = okta.pem
#okta_cli_cert = okta_cli.pem
#vpn_url_cert = vpn.pem
#vpn_cli_cert = vpn_cli.pem
#
# "certs" is (optional) path to certificate file, which will be overwritten
# and stored with all certificates encountered (in config and portal config).
# by default, "certs" is not specified, so a temporary file will be created.
# it will be used to verify gateways and passed to openconnect executable.
#
#certs = certs.pem

# --- execution
# "execute" (0/1) defines if openconnect (as specified with "openconnect_cmd"
# and "openconnect_args") is executed after OKTA authentication dance.
execute = 0
openconnect_cmd = sudo openconnect
openconnect_args =
# "openconnect_fmt" is manually specified format what to pipe to openconect.
# supports <cookie>, <username>, etc. other characters are provided as-is
#openconnect_fmt = <cookie><cookie>