Spelling changes, linting
mzhaase committed Nov 12, 2024
1 parent 42f7e36 commit 37a5e34
Showing 1 changed file with 8 additions and 9 deletions.
17 changes: 8 additions & 9 deletions website/integrations/services/hashicorp-vault/index.md
Expand Up @@ -90,19 +90,19 @@ vault write auth/oidc/role/reader \

## External Groups

If you wish to manage group membership in vault via Authentik you have to use [external groups](https://developer.hashicorp.com/vault/tutorials/auth-methods/oidc-auth#create-an-external-vault-group).
If you wish to manage group membership in Hashicorp Vault via Authentik you have to use [external groups](https://developer.hashicorp.com/vault/tutorials/auth-methods/oidc-auth#create-an-external-vault-group).

:::note
This assumes that the steps above have already been completed and tested.
:::

### Step 1

In authentik, edit the oidc provider created above. Unser "Advanced protocol settings" add "authentik default OAuth Mapping: OpenID 'profile'". This includes the "groups" mapping.
In authentik, edit the OIDC provider created above. Under **Advanced protocol settings** add `authentik default OAuth Mapping: OpenID 'profile'` This includes the groups mapping.

### Step 2

In hashicorp vault, change the reader role
In Vault, change the reader role to have the following settings:

```
vault write auth/oidc/role/reader \
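Review bot: the rewritten Step 1 sentence drops the full stop after the mapping name, so `authentik default OAuth Mapping: OpenID 'profile'` This includes the groups mapping. reads as one run-on sentence; add the period after the closing backtick. Two product-name details in the same hunk are also worth settling while this is a spelling pass: the vendor spells it HashiCorp (capital C), and the first line uses "Authentik" while Step 1 uses "authentik", so pick one capitalization for the page.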
Expand All @@ -116,7 +116,7 @@ vault write auth/oidc/role/reader \
oidc_scopes=[ "openid profile email" ]
```

Add a group
Add a group.

```
vault write identity/group/reader \
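Review bot: "Add a group." is correct but terse for a section titled External Groups; since the command that follows sets `type="external"`, saying "Add an external group." tells the reader why this group differs from the internal groups they may already have.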
Expand All @@ -125,20 +125,19 @@ vault write identity/group/reader \
type="external"
```

Get the canonical id of the group
Get the canonical ID of the group.

```
vault list identity/group/id
```

Get the id of the oidc accessor
Get the ID of the OIDC accessor.

```
vault auth list
```


Add a group alias, this maps the group to the oidc backend
Add a group alias, this maps the group to the OIDC backend.

```
vault write identity/group-alias \
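Review bot: the new line "Add a group alias, this maps the group to the OIDC backend." is still a comma splice; "Add a group alias; this maps the group to the OIDC backend." or "..., which maps the group to the OIDC backend." fixes it. Separately, "Get the canonical ID of the group." followed by `vault list identity/group/id` only prints a list of IDs with no names, so a reader with more than one group cannot tell which ID belongs to `reader`; consider pointing at `vault read identity/group/name/reader`, which returns that group's `id` directly.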
Expand All @@ -147,5 +146,5 @@ vault write identity/group-alias \
name="group name in authentik"
```

You should then be able to sign in via OIDC
You should then be able to sign in via OIDC.
`vault login -method=oidc role="reader"`
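Review bot: the inline-code login command sits on the line directly after "You should then be able to sign in via OIDC." with no blank line between them, so Markdown renders both as a single paragraph. Every other command on this page is in a fenced block; putting `vault login -method=oidc role="reader"` in one too keeps the formatting consistent and makes the final step easy to copy.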
