Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: Identity Center Okta to Teleport migration guide #51861

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

docs: Identity Center Okta to Teleport migration guide #51861

wants to merge 10 commits into from
+335 −0

Conversation

tcsc
Copy link
Contributor

@tcsc tcsc commented Feb 5, 2025

No description provided.

@tcsc tcsc added the no-changelog Indicates that a PR does not require a changelog entry label Feb 5, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 5, 2025
edited
Loading

Amplify deployment status

Branch Commit Job ID Status Preview Updated (UTC)
tcsc/ic-migration-guide 44f3a55 9 ✅SUCCEED tcsc-ic-migration-guide 2025-03-06 03:00:35

r0mant
r0mant reviewed Feb 5, 2025
View reviewed changes
Copy link
Collaborator

@r0mant r0mant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable, left a few things to consider.

docs/img/identity-center/ic-migrate-end.png Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's please use LucidChart for the diagrams so all the graphics in our documentation are consistent.

docs/pages/admin-guides/management/guides/migrating-iam-ic-from-okta-to-teleport.mdx
Comment on lines +126 to +128
--user-origin okta \
--account-name ${ACCOUNT_NAME_ALLOW_FILTER} \
--group-name ${GROUP_NAME_ALLOW_FILTER}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A logical question that arises, how can these filters be updated after the integration has been created? I didn't see a mention of this later in the guide.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I see you added a section below on editing the integration. Maybe just add a quick note here that group filters can be updated and a reference to the later section of the guide.

tcsc added 2 commits March 5, 2025 13:17
@tcsc
Merge remote-tracking branch 'origin/master' into tcsc/ic-migration-g…
ef887e5 
…uide
@tcsc
Review feedback
9a3d78c 
- Rearranged to move migration path into "how it works"
- Added Uninstall section
- Added edit section
@tcsc tcsc temporarily deployed to docs-amplify March 5, 2025 08:05 — with GitHub Actions Inactive
@tcsc tcsc marked this pull request as ready for review March 5, 2025 08:09
@tcsc tcsc temporarily deployed to docs-amplify March 5, 2025 08:09 — with GitHub Actions Inactive
@tcsc tcsc requested a review from smallinsky March 5, 2025 08:13
@tcsc tcsc temporarily deployed to docs-amplify March 5, 2025 08:17 — with GitHub Actions Inactive
zmb3
zmb3 reviewed Mar 5, 2025
View reviewed changes
docs/img/identity-center/ic-migrate-mid.png Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this one have a white background and the other images have transparent backgrounds?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No idea. Will re-export from lucid and see what happens.

docs/pages/admin-guides/management/guides/migrating-iam-ic-from-okta-to-teleport.mdx Outdated
To make sure everything is working, wait until the first Okta to Teleport user
sync has occurred. You can verify this by either
- refreshing the user page and finding your Okta users,
- checking the Okta integration status page, or
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or what?

r0mant
r0mant reviewed Mar 5, 2025
View reviewed changes
docs/pages/admin-guides/management/guides/migrating-iam-ic-from-okta-to-teleport.mdx Outdated
region: us-east-1
```

You can add or remove filters to the various filters. Once you save and quit the
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"filters to the various filters" reads strange

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And this is why proofreading exists.

docs/pages/admin-guides/management/guides/migrating-iam-ic-from-okta-to-teleport.mdx Outdated

## Step 7: Retire Okta group provisioning

Once you are happy that a group has been migrated to Teleport control, you can
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feels like a word is missing here, maybe "that group provisioning has been migrated"?

docs/pages/admin-guides/management/guides/migrating-iam-ic-from-okta-to-teleport.mdx

## Deleting the Identity Center integration

If you decide not to switch over to Teleport you can delete the Identity Center
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should clarify what happens during deletion and how to clean up resources created by the integration.

@tcsc @r0mant @zmb3
Apply suggestions from code review
909909e 
Co-authored-by: Roman Tkachenko <[email protected]>
Co-authored-by: Zac Bergquist <[email protected]>
@tcsc tcsc temporarily deployed to docs-amplify March 6, 2025 00:23 — with GitHub Actions Inactive
@tcsc tcsc temporarily deployed to docs-amplify March 6, 2025 02:46 — with GitHub Actions Inactive
@tcsc tcsc temporarily deployed to docs-amplify March 6, 2025 02:55 — with GitHub Actions Inactive
@tcsc tcsc requested review from zmb3 and r0mant March 6, 2025 04:21
smallinsky
smallinsky reviewed Mar 6, 2025
View reviewed changes
docs/pages/admin-guides/management/guides/migrating-iam-ic-from-okta-to-teleport.mdx
$ tctl plugins install awsic \
--arn ${IDENTITY_CENTER_INSTANCE_ARN} \
--region ${IDENTITY_CENTER_INSTANCE_REGION} \
--use-system-credentials \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add more details on use-system-credent?
Like provide hint that it refers to AWS credentials. Specifically, it should clarify that use-system-credent will allow to load AWS credentials from the local environment in Teleport Auth to authenticate with the AWS IC API.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smallinsky smallinsky smallinsky left review comments

@mmcallister mmcallister Awaiting requested review from mmcallister

@ptgott ptgott Awaiting requested review from ptgott

@zmb3 zmb3 Awaiting requested review from zmb3

@r0mant r0mant Awaiting requested review from r0mant

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
aws-iam-identity-center documentation no-changelog Indicates that a PR does not require a changelog entry size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tcsc @r0mant @zmb3 @smallinsky