Okta Access Strategy
You can generate this!
You can automatically generate an AWS IAM Flow with symflow generate okta!
Sym and Okta combine to improve your security posture by reducing default access and requiring approval for escalations into privileged groups.

Okta workflow with Sym
Did you configure your Okta Integration?
Before continuing, make sure you followed the instructions on the main Okta page to set up your Okta API Key and Integration.
Before continuing, you will need to have:
- Connected Sym with AWS Secrets Manager
- Configured your Okta API Key with Sym
- Defined an Okta Integration resource
Add Okta Access Targets
Define sym_target resources with type = "okta_group" for all of the Okta Groups that you wish to manage access to.
group_id: A required setting that must be set to the ID of the group being managed. The group ID can be found at the end of the URL when viewing the Group details (Directory > Groups > Select your Group).
resource "sym_target" "okta_admin_access" {
  type  = "okta_group"
  name  = "main-admin-access"
  label = "Admin Access"

  settings = {
    group_id = "00g12345xxx"
  }
}

resource "sym_target" "okta_s3_access" {
  type  = "okta_group"
  name  = "main-s3-access"
  label = "S3 Write Access"

  settings = {
    group_id = "00g67890xxx"
  }
}
Add an Okta Access Strategy
Define a sym_strategy resource with type = "okta" and include the Okta Integration and Okta Access Targets you defined above.
resource "sym_strategy" "okta" {
  type           = "okta"
  name           = "main-okta-strategy"
  integration_id = sym_integration.okta.id

  # This must be a list of `okta_group` sym_target resources that users can request escalation to
  targets = [sym_target.okta_admin_access.id, sym_target.okta_s3_access.id]
}
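As an added example (not part of Sym's documentation), the targets and strategy above can be driven from one map, so the strategy's target list cannot drift from the set of groups you intended to expose. The variable name okta_groups is hypothetical, sym_integration.okta is the Integration resource from the prerequisites, and the "00g" prefix check assumes group IDs look like the sample values on this page.

```hcl
# Added example: hypothetical variable; group IDs are this page's sample values.
variable "okta_groups" {
  description = "Okta groups users may request escalation into, keyed by target name."
  type = map(object({
    label    = string
    group_id = string
  }))

  default = {
    "main-admin-access" = { label = "Admin Access", group_id = "00g12345xxx" }
    "main-s3-access"    = { label = "S3 Write Access", group_id = "00g67890xxx" }
  }

  # Assumption: group IDs start with "00g", as in the sample values above.
  # Rejects a pasted group name or full URL at plan time.
  validation {
    condition = alltrue([
      for g in values(var.okta_groups) : can(regex("^00g[0-9A-Za-z]+$", g.group_id))
    ])
    error_message = "Each group_id must be an Okta group ID (for example 00g12345xxx), not a group name or URL."
  }
}

# One okta_group target per map entry.
resource "sym_target" "okta" {
  for_each = var.okta_groups

  type  = "okta_group"
  name  = each.key
  label = each.value.label

  settings = {
    group_id = each.value.group_id
  }
}

# The strategy exposes exactly the targets generated above and nothing else.
resource "sym_strategy" "okta" {
  type           = "okta"
  name           = "main-okta-strategy"
  integration_id = sym_integration.okta.id
  targets        = [for t in sym_target.okta : t.id]
}
```

Adding a privileged group then becomes a one-line change to the map, which keeps the full list of escalation targets visible in a single reviewable diff.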
Add the Okta Strategy to your Flow
In your sym_flow resource, reference your Okta sym_strategy as the strategy_id in your Flow Parameters.
resource "sym_flow" "this" {
  name  = "okta"
  label = "Okta Group Access"

  # ... other Flow attributes not shown

  params {
    strategy_id = sym_strategy.okta.id

    # ... other Flow params not shown
  }
}
Full Example
You can find the complete code for this example in our Okta Access Strategy Example.