Trouble getting Okta and roles to work

Product: PowerShell Universal
Version: 3.5.5 - IIS Hosted

I’m working on trying to get my PSU instance working with Okta, coming from Windows auth method in IIS.

I followed the documentation regarding setup of Okta and PSU with my coworker who manages Okta. It seems like we are all squared on that part, but naturally I’m hitting the “Unauthorized access” page. I popped up SAML tracer and found the AD group in Okta under Role, so I attempted to use the -claimtype ‘roles’ -claimvalue ‘ad-groupname’ on the new-psurole for administrator, but I’ve had no luck. If I try to move back to using the scriptblock, I have $userinfojson outed to a temp json file but it’s not populating any data.

Frankly, I’m hitting a wall and not sure what to try next.

I shifted over to MSI install and finally got some movement.

In the end the -claimtype and -claimvalue settings wouldn’t work for the role. I ended up doing script code and got it working like so:

param(
    # PSU passes the authenticated principal to the role script as $User
    [Security.ClaimsPrincipal]$User
)

# Strip any "DOMAIN\" prefix from the identity name (left unchanged when there is no backslash)
$UserName = $User.Identity.Name
$UserName = $UserName.Substring($UserName.IndexOf('\') + 1, ($UserName.Length - ($UserName.IndexOf('\') + 1)))

$IsMember = $false

# HasClaim matches the claim type case-insensitively and the value case-sensitively
if ($User.HasClaim("Role", "<ADGROUP NAME>")) {
    "User $UserName has role <ADGROUP NAME>" | Out-File "C:\temp\role.txt"
    $IsMember = $true
}

# The role is granted only when the script outputs $true
$IsMember
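Added example (my code, not the poster's or the PSU project's): the thread's stumbling block was not knowing which claim type Okta delivers the group under, so this role script writes every claim type/value pair the principal carries to a file and then checks the group against the claim-type names it commonly arrives with, including the full .NET role claim URI. The group name, log path and the set of claim types are assumptions; the script assumes, as the poster's does, that PSU grants the role when the script outputs $true.

```powershell
# Added example, not the poster's code. Logs all claims for diagnosis and
# checks the group under several role claim-type names.
param(
    [Security.ClaimsPrincipal]$User
)

$RequiredGroup = '<ADGROUP NAME>'         # placeholder: the AD/Okta group that maps to this role
$ClaimLog      = 'C:\temp\psu-claims.txt'  # placeholder: diagnostic output; remove once roles resolve

# Group membership can arrive under different claim types depending on the
# Okta claim mapping, so check the common names instead of one literal.
$RoleClaimTypes = @(
    'Role',
    'roles',
    'groups',
    [System.Security.Claims.ClaimTypes]::Role  # http://schemas.microsoft.com/ws/2008/06/identity/claims/role
)

# Dump every claim once so the real type/value pairs can be read off the file.
# Claims can include personal data, so this file should not outlive the debugging.
$User.Claims |
    ForEach-Object { '{0} = {1}' -f $_.Type, $_.Value } |
    Out-File -FilePath $ClaimLog -Encoding utf8

# HasClaim compares the value with an exact, case-sensitive match, so a group
# named "Admins" cannot satisfy a role expecting "admins-prod" by prefix or wildcard.
$IsMember = $false
foreach ($type in $RoleClaimTypes) {
    if ($User.HasClaim($type, $RequiredGroup)) {
        $IsMember = $true
        break
    }
}

# Output $true to grant the role, $false otherwise.
$IsMember
```

Once the claim log shows the exact type and value Okta sends, trim $RoleClaimTypes down to that one type and delete the Out-File line so claim data stops being written to disk on every login.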