Okta + HashiCorp Terraform: Enable safe infrastructure automation with modern identity-driven server access
With Okta’s Advanced Server Access (ASA), users and devices are independently authenticated and authorized, and issued a short-lived, tightly-scoped credential, authorizing the request against the respective role-based access controls. ASA extends the benefits of Okta that you know and love all the way to the infrastructure layer, including authentication and automated lifecycle management, letting admins provision users, groups, and entitlements into servers as easily as they provision them into cloud apps and assets.
Combined with HashiCorp’s Terraform, this lets developers and operations teams add time-saving automation to processes without compromising security. Through automated workflows, teams can install a simple ASA server agent install script on each server; once activated, this handles local configuration, pulling users, groups, and permissions from Okta via API to create accounts locally. This adds efficiency and security: for example, when spinning up multiple individual servers for a project, your development teams won’t have to manually configure each one, or add accounts or credentials to scripts—a process that’s time-intensive and prone to errors. Instead, they only have to provision the ASA server agent via Terraform, and Okta does the rest, securely managing identity and access.
In addition to deploying ASA with Terraform, teams can easily configure, manage, and update their overall Okta infrastructure with Terraform, too. The Okta Identity Cloud and Terraform work together via APIs, enabling you to automate the entire provisioning and deployment process of your Okta org. The integration supports the flexibility to configure settings through either a friendly Admin UI or an API, and provides protection against unanticipated config changes within Okta by flagging changes made by one system in the other system. Key benefits include making your Okta infrastructure more predictable, easier to maintain, and deterministic; less time spent onboarding new applications; documented audit trail of states and changes; and more.
Okta + HashiCorp Vault: Keeping credentials securely accessible for developers and DevOps teams
For enterprises with use cases that require developers to use credentials, like a database password, Okta works with HashiCorp Vault to provides seamless, secure access to those credentials. Integrating HashiCorp Vault with Okta enables organizations to take advantages of the Okta authentication workflow to grant authorized developers easy access to their privileged credentials and other sensitive data stored and encrypted in HashiCorp Vault, while denying access to credential thieves.
Better together: Safely enabling “infrastructure as code”
DevOps teams want to be able to efficiently write, define, provision, and manage their infrastructure through the use of code. Okta and HashiCorp’s Terraform and Vault work together to enable these “infrastructure as code” practices, along with the safeguards that security teams need. With the products working together, administrators and security teams get contextual access details and the fine-grained controls they need to extend strong identity protections like Multi-Factor Authentication to a fast-moving, dynamic infrastructure environment. And development teams get the automation tools they need to simplify manual processes and accelerate software delivery, with security baked in.
Provide your development and operations teams the automation tools they need, while enhancing security at the same time
- Stand up a modern, agile, infrastructure-as-code environment with strong security baked in from the start
- Provide tools for developers and operations to securely spin up and down the cloud infrastructure they need, when they need it
- Minimize reliance on risky security methods like static keys, and safely store developer passwords until needed
- Enable your enterprise to take full advantage of elastic cloud architecture efficiencies without exposing it to additional risk