Add in documentation for Okta access list synchronization. #38355
🤖 Vercel preview here: https://docs-97v8bdqan-goteleport.vercel.app/docs/ver/preview
24d209c to f6a4dce
Documentation has been added for Okta access list synchronization.
46b43e1 to a913983
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with
When first synchronizing an Access List, the owners of each Access List will be assigned default owners | ||
that are configured when setting up the Okta integration, and the initial review date will be | ||
set 6 months from the current date. These fields are modifiable, as well as the owner and |
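Review bot: In the first added sentence, "the owners of each Access List will be assigned default owners" is circular and hard to parse. Suggest stating it directly, for example "each Access List is assigned the default owners that are configured when setting up the Okta integration". It would also help to say whether "the current date" for the initial review means the date of the first synchronization.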
I'm not sure I understood "the owners of each Access List will be assigned default owners that are configured when setting up the Okta integration", did you mean like default grants?
I'll reword this, but basically on initial import, the "owners" of the access list are the configured defaults.
Just reworded this. Let me know what you think.
Co-authored-by: Lisa Kim <[email protected]>
I wouldn't put this in the change log since docs go live immediately after merging the PR, they aren't "shipped" with the release.
![Import Okta Application Assignments](../../../img/enterprise/plugins/okta/okta-access-list-import-applications.png) | ||
|
||
In addition to importing Okta User Groups, you can also import direct application | ||
assignments within Okta as Access Lists as well. This behaves in exactly the same way |
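Review bot: The sentence beginning "In addition to importing Okta User Groups" uses both "also" and "as well", which is redundant; drop "as well". In the same sentence "Okta User Groups" and "Access Lists" are capitalized while "application assignments" is not, so pick one convention for Okta object names and apply it throughout.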
Here you did the reverse of above. Access Lists is now capitalized but application assignments is not.
@zmb3 should all mentions of "access lists" be capitalized to "Access Lists"? I think I remember all product names should be capitalized, but I wasn't sure (we seem to cap "access lists" most of the time in this PR)
The intent was to capitalize all mentions of access list, so I'll go over this with a fine-toothed comb and make sure they're all capitalized properly.
Is that correct though? Access list is not a product name. It's just a noun like user or role, isn't it?
IIRC the prior art is to use Access List instead of access list.
|
||
<Admonition type="warning"> | ||
If the hosted integration is still active, removing Okta sourced Access Lists | ||
could revoke Okta access from users in your organization. Please exercise caution |
Feels like the UI should help prevent this. Does it give you a warning?
No warning, but that's good feedback. I'll add a confirm delete dialog when I add the Okta badge on the access list listing.
The owners of an Okta synchronized Access List will be preserved between runs. | ||
|
||
<Admonition type="warning"> | ||
Removing members from an Okta synchronzied Access List will remove the user from the Okta group |
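Review bot: "synchronzied" in the first line of the new warning admonition is misspelled and should read "synchronized". The compound modifier is also unhyphenated here and in the sentence above the admonition; "Okta-synchronized Access List" reads more clearly.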
This also sounds like it would be good to add a confirmation dialog when deleting members from Okta lists, right?
Hrm, I'm not sure. I get it on one hand, but on the other it could be frustrating if you had to work with a lot of users.
Nit: I don't love the "Regex supported" text on the search bar.
- I'm not sure I've seen similar language in other products
- "Regex" is a very developer focused term
- It's not consistent with other search bars in the app
- We support glob and regex syntax, but the UI only mentions regex
Was this reviewed by design?
Yes it was, at least to my knowledge (cc @kimlisa).
Co-authored-by: Zac Bergquist <[email protected]>
Co-authored-by: Lisa Kim <[email protected]>
as user groups. | ||
|
||
<Admonition type="note"> | ||
Only Okta Applications with assignments will be imported as an Access List. If an Okta |
I think this would prompt a user to ask a question "what happens if an application assignment is removed, will it remove access list?"
Co-authored-by: Zac Bergquist <[email protected]>