This repository contains an integration between Okta Auto Approval and Indent. Once deployed, you will be able to use this integration with Indent to:
- GetDecision
Before you deploy these webhooks for the first time, create an S3 bucket to store Terraform state, add your credentials as GitHub Secrets, then update the bucket in main.tf once you're done.
1. Configuring the S3 bucket
- Go to AWS S3 and select an existing bucket or create a new one.
- Select the settings given your environment:
  - Name — easily identifiable name for the bucket (example = indent-deploy-state-123)
  - Region — where you plan to deploy the Lambda (default = us-west-2)
  - Bucket versioning — if you want to have revisions of past deployments (default = disabled)
  - Default encryption — server-side encryption for deployment files (default = Enable)
2. Configuring AWS credentials
- Go to AWS IAM → New User and create a new user for deploys, e.g. indent-terraform-deployer
- Configure the service account access:
  - Credential type — select Access key - Programmatic access
  - Permissions — select Attach existing policies directly and select AdministratorAccess
- Add the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as GitHub Secrets to this repo
3. Connecting to Okta Auto Approval
- Go to Okta > Security > API > Tokens and create a new API Token, then give the token a descriptive name like indent-integration-okta-approval
- Add this as OKTA_TOKEN as a GitHub Secret
- Copy your Okta Domain URL and add this as OKTA_DOMAIN as a GitHub Secret
- Add the number of hours you want users to retain access for under AUTO_APPROVAL_DURATION as a GitHub Secret (1 hour by default)
4. Connecting to Indent
- If you're setting up as part of a catalog flow, you should be presented with a Webhook Secret, or go to your Indent space and create a webhook
- Add this as INDENT_WEBHOOK_SECRET as a GitHub Secret
5. Deploy
- Enter the bucket you created in main.tf in the backend configuration
- This will automatically kick off a deploy, or you can manually trigger from GitHub Actions
Visit this link to our documentation for information on setting up GitHub Secrets in this repository.
This repository auto-deploys to AWS Lambda when you push or merge PRs to the main branch. You can manually redeploy the webhooks by re-running the latest GitHub Action job.
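
Step 1 (the Terraform state bucket) expressed as AWS CLI calls, as an added example that is not part of this repository. The function name, the DRY_RUN switch and the public-access block are assumptions that the setup steps above do not contain; the bucket name is the README's example value.

```sh
#!/bin/sh
# Added example (not from the repository): step 1 as AWS CLI calls.
# DRY_RUN is a constructed switch: 1 (the default) prints each command
# instead of running it, so the calls can be reviewed before applying.

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# usage: create_state_bucket <bucket> [region] [versioning: enabled|disabled]
create_state_bucket() {
  bucket="$1"; region="${2:-us-west-2}"; versioning="${3:-disabled}"

  # S3 bucket names: 3-63 chars of lowercase letters, digits, dots and
  # hyphens, starting and ending with a letter or digit.
  if ! printf '%s' "$bucket" | grep -Eq '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'; then
    echo "invalid bucket name: $bucket" >&2
    return 1
  fi

  # us-east-1 rejects an explicit LocationConstraint; other regions need one.
  if [ "$region" = "us-east-1" ]; then
    run aws s3api create-bucket --bucket "$bucket" --region "$region" || return 1
  else
    run aws s3api create-bucket --bucket "$bucket" --region "$region" \
      --create-bucket-configuration "LocationConstraint=$region" || return 1
  fi

  # Default encryption (README default = Enable): SSE-S3 for every object.
  run aws s3api put-bucket-encryption --bucket "$bucket" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}' || return 1

  # Not a README step (assumption): Terraform state can hold secret values
  # in plaintext, so block every form of public access to the bucket.
  run aws s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true || return 1

  # Bucket versioning (README default = disabled): keeps past state revisions.
  if [ "$versioning" = "enabled" ]; then
    run aws s3api put-bucket-versioning --bucket "$bucket" \
      --versioning-configuration Status=Enabled || return 1
  fi
}
```

Calling `create_state_bucket indent-deploy-state-123 us-west-2 enabled` prints the four commands; set `DRY_RUN=0` with credentials allowed to create buckets to apply them.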