Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Guide: Enable Okta Verify on my macOS hosts using variables in configuration profiles #21294

Closed
10 tasks
noahtalerman opened this issue Aug 13, 2024 · 7 comments
Closed
10 tasks

Guide: Enable Okta Verify on my macOS hosts using variables in configuration profiles #21294

noahtalerman opened this issue Aug 13, 2024 · 7 comments
Assignees
@roperzh
Labels
bug Something isn't working as documented customer-pingali customer-reedtimmer #g-mdm MDM product group :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release.
Milestone
4.57.0

Comments

@noahtalerman
Copy link
Member

noahtalerman commented Aug 13, 2024
edited
Loading

Goal

User story
As a Client Platform Engineer,
I want to know how to deploying a profile (SCEP payload) in Fleet w/ computer name, serial number, and UUID as variables
so that Fleet, for each host, populates this variable with host specific information. This way, I can install a unique SCEP certificate to enable Okta Verify on my macOS hosts.

Context

We learned that the necessary variables are already supported natively in macOS and we don't need to make changes to Fleet to support this workflow: #16958 (comment)

Changes

Product

  • Reference documentation changes: None.
  • UI changes: None.
  • CLI usage changes: None.
  • REST API changes: None.
  • Fleet's agent (fleetd) changes: None.
  • Permissions changes: None.
  • Changes to paid features or tiers: None.

Engineering

  • Feature guide changes: Sign up for an Okta trial, test this workflow, and write a guide that walks the IT admin through how to connect a macOS host to Okta verify using variables in config profiles in Fleet.
  • Database schema migrations: None.
  • Load testing: None.
@noahtalerman noahtalerman added story A user story defining an entire feature #g-mdm MDM product group :product Product Design department (shows up on 🦢 Drafting board) labels Aug 13, 2024
@noahtalerman noahtalerman mentioned this issue Aug 13, 2024
Closed
10 tasks
@noahtalerman
Copy link
Member Author

Hey @georgekarrv, I can't remember...do we treat missing guides as bugs?

If so, can you please update this to a bug and pull it onto the release board?

cc @lukeheath

@noahtalerman noahtalerman mentioned this issue Aug 13, 2024
Open
@lukeheath
Copy link
Member

@noahtalerman Yes, we track any missing documentation as bugs. @georgekarrv please reformat and bring into the board when you have the chance. Thanks!

@georgekarrv georgekarrv added bug Something isn't working as documented :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. and removed story A user story defining an entire feature labels Aug 19, 2024
@georgekarrv
Copy link
Member

Hey team! Please add your planning poker estimate with Zenhub @dantecatalfamo @ghernandez345 @gillespi314 @jahzielv @mna @roperzh

@lukeheath lukeheath added the ~released bug This bug was found in a stable release. label Aug 23, 2024
@georgekarrv georgekarrv added :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. and removed :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. :product Product Design department (shows up on 🦢 Drafting board) labels Aug 26, 2024
@georgekarrv georgekarrv removed their assignment Aug 28, 2024
@roperzh roperzh self-assigned this Sep 3, 2024
@lukeheath lukeheath added this to the 4.57.0-tentative milestone Sep 5, 2024
@roperzh
Copy link
Contributor

roperzh commented Sep 6, 2024

note: it already happened in the past that we wanted a feature like this for both mac and windows, however since the issue description explicitly calls out macOS, I'll move forward with macOS only.

@roperzh
Copy link
Contributor

roperzh commented Sep 6, 2024

note II: looking at the Okta Verify flow, it's a multi step setup, where issuing a SCEP certificate is just one step of many. I won't note all of that in the guide, because we would be documenting the Okta product.

The guide will be about how to configure and distribute a SCEP profile in Fleet that uses Okta as the CA. Something very similar to this page only https://help.okta.com/oie/en-us/content/topics/identity-engine/devices/configure-ca-main.htm

@roperzh
Copy link
Contributor

roperzh commented Sep 16, 2024

#22108

@fleet-release
Copy link
Contributor

Fleet links Mac to Okta,
Each host unique, secure.
A cloud city's lock.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@roperzh roperzh

Labels
bug Something isn't working as documented customer-pingali customer-reedtimmer #g-mdm MDM product group :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release.
Milestone
4.57.0
Development

No branches or pull requests
5 participants
@georgekarrv @lukeheath @roperzh @noahtalerman @fleet-release