docs: Identity Center Okta to Teleport migration guide #51861
Conversation
tcsc
added
the
no-changelog
|
Amplify deployment status
|
There was a problem hiding this comment.
Let's please use LucidChart for the diagrams so all the graphics in our documentation are consistent.
| Identity Center users and groups to Teleport management, including having | ||
| Teleport control individual user and group Account Assignments. | ||
|
|
||
| By default, Teleport wants to control all user and group provisioning into |
There was a problem hiding this comment.
| By default, Teleport wants to control all user and group provisioning into | |
| By default, Teleport controls all user and group provisioning into |
| - watching the Teleport logs | ||
|
|
||
| Once your Okta users are imported into Teleport, you can progress to the next | ||
| step: |
There was a problem hiding this comment.
| step: | |
| step. |
| sync has occurred. You can verify this by either | ||
| - refreshing the user page and finding your Okta users, | ||
| - checking the Okta integration status page, or | ||
| - watching the Teleport logs |
There was a problem hiding this comment.
Nit: I'd remove this one in favor of the previous two more user-friendly options. Plus, it won't suit Cloud customers.
| - watching the Teleport logs |
| --user-origin okta \ | ||
| --account-name ${ACCOUNT_NAME_ALLOW_FILTER} \ | ||
| --group-name ${GROUP_NAME_ALLOW_FILTER} |
There was a problem hiding this comment.
A logical question that arises, how can these filters be updated after the integration has been created? I didn't see a mention of this later in the guide.
|
|
||
| For more information, see the [Identity Center Integration guide](./aws-iam-identity-center.mdx) | ||
|
|
||
| ## Step 6: Retire Okta group provisioning |
There was a problem hiding this comment.
Should probably also include a section on how to unenroll the Teleport integration side of this as well in case someone decides they don't want to switch yet.
No description provided.