Use Okta groups in Tailscale ACL files

sigve · July 2, 2021, 7:36am

We would like to grant employees access to specific resources in the ACL list based on group membership propagated from Okta. We have groups available in Okta. Is it possible to use metadata from Okta in ACL files, for example for defining Tailscale groups or in the ACLs themselves? Perhaps we could have written something like

"TagOwners": {
	"tag:montreal-webserver": [
		"oktagroup:montreal-admins",
		"oktagroup:global-admins",
	],
}

If this is not possible, I guess we would have to write this syncronisation our selves, and then push the information via Tailscale API · Tailscale. We would prefer not to duplicate this effort though. I think this is something most Okta users would like.

DGentry · July 2, 2021, 1:32pm

At present there isn’t a way to do this automatically, but we are actively working on developing SCIM to synchronize group memberships with Okta. It should be available in this calendar year.

Topic		Replies	Views
Group based named SSH access ACL (Access Control Lists)	0	523	July 7, 2022
Azure AD Security Groups ACL (Access Control Lists)	2	1742	January 17, 2022
Help Creating ACLs/Policy File ACL (Access Control Lists)	0	786	September 26, 2022
ACL tag question ACL (Access Control Lists)	3	960	October 15, 2020
Are the values of nodeAttrs exposed to tailscaled/tsnet? ACL (Access Control Lists)	0	464	October 18, 2022

Use Okta groups in Tailscale ACL files

Related topics