Provide an easy way for your scripts to access ressources behind an Okta SSO solution, without the need for an API token.
- Python 3
- An Okta account
Check if your distro is supported on software.opensuse.org, or on build.opensuse.org.
Original project from B-Souty (last release: Dec 12, 2018) is available on PyPI.
~WARNING~ Currently the script only works if you have "push", "secret question" or "software token" enabled as MFA.
The main goal of this script is to help you login to an application using SSO with Okta, without requiring any API token.
As part of another scripts, it allows you to have an okta_session object from where you can connect to all application assigned to you in Okta.
Start by importing the module and instantiate an OktaSession object with your Okta instance/organization name.
from oktaloginwrapper import OktaLoginWrapper as OLW
my_session = OLW.OktaSession(okta_instance) #Where okta_instance is https://<okta_instance>.okta.comThen, depending on the type of multi-factor you want to use, you can do as follow
-
Most Basic use with push notification (default). You have 60 seconds to approve the connection on your phone.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... ) 59 seconds remaining before timeout. 57 seconds remaining before timeout. 55 seconds remaining before timeout. 'You are now logged in.'
-
Connect using the secret question.
- You can provide the answer directly during authentication. this will log you straight in.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... answer='<your_answer>' ... ) 'You are now logged in.'
- Or using the interactive way by providing the factor_type. You will be prompted to enter the answer.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... factor_type='question' ... ) What was your dream job as a child >? <your_answer> 'You are now logged in.'
- You can provide the answer directly during authentication. this will log you straight in.
-
Connect using a software token. (Currently not tested with hardware token)
- You can provide the passCode directly during authentication. this will log you straight in.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... passCode='<your_passCode>' ... ) 'You are now logged in.'
- Or using the interactive way by providing the factor_type. You will be prompted to enter the passCode.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... factor_type='token' ... ) Please type in your OTP: >? <your_passCode> 'You are now logged in.'
- You can provide the passCode directly during authentication. this will log you straight in.
-
Connect to an app assigned to you.
- You need to know the "embedded" link of the app you want to log into and pass it as an argument of connect_to().
my_app = my_session.connect_to(<your_app_url>)
Alternatively, you can use the provided method app_list() to retrieve the list of apps assigned to you along with their url and connect from there.
>>> my_apps = my_session.app_list() >>> my_app = None >>> app_name = <your_app_name> >>> for app in my_apps: ... if app.get('label') == app_name: ... my_app = my_session.connect_to(app.get('linkUrl')) >>> if not my_app: ... print("You do not have {} assigned in Okta.".format(app_name))
- You can also use the method connect_from_appslist() to get an interactive way to select you app and connect to it.
>>> my_app = my_session.connect_from_appslist() app name: >? Slack 0 - Slack 1 - Slack-dev Please select the app to connect to: >? 0
- You need to know the "embedded" link of the app you want to log into and pass it as an argument of connect_to().
-
Then simply close the session when you're done.
my_session.okta_session.close()
It can also be executed but this is mainly a proof of concept as it just print the raw content. I will probably remove that part at some point in the future.
This project is licensed under the MIT License - see the LICENSE.md file for details