A small script to migrate or synchronize users & groups from Okta to AWS SSO

Overview

aws-sso-sync-okta

A small script to migrate or synchronize users & groups from Okta to AWS SSO

Foo Foo Foo

Changelog Version
Remove hardcoded values on variables and enable arguments as group_name 0.5
Fixed search filtering in okta + enable dry run mode 0.6
Enable iterating over a list obtained via SSM Parameter Store) 0.7
Fix error iterating on check_aws_groups 0.8

Current version: 0.8

This script is intended to syncronize all or some selected users from Okta to AWS SSO based on a query filtering by group name on both APIs.

Workflow:

  1. Connect to AWS SSM to get access credentials for both APIs
  2. It asks to OKTA API for groups matching "okta_groups" variable (okta may show more than one match since the search is regexp based )
  3. Get all Group_Id's for the matching groups (if no groups matching exits)
  4. Then for each group found asks for all the users inside those groups
  5. Compare all the users (email) from Okta against AWS SSO and chekcks if the user exists or not in AWS SSO.
  6. If the user exists does nothing, if doesn't creates it.
  7. Then on a second phase asks AWS for groups matching "aws_groups" variable ( exact match )
  8. And search for every user in that groups
  9. If the user does not exists in that group creates it.

Configuration

  1. Get your AWS SSO Setup ready and collect the necessary values (SCIM URL's for users and groups) More info: https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-automatically.html

  2. Create an API token to ask AWS API.

  3. Create an Okta API token

  4. Save those values into an SSM (Parameter Store) [okta_api_token and amz_sso_api_token]

  5. Put your SCIM URL's into the script

  6. Save and quit

Usage

sync-users.py <group_name>

Considerations

  • Okta API when searching for groups (https://developer.okta.com/docs/reference/api/groups/) as they mention in the documentation, currently performs a startsWith match but it should be considered an implementation detail and may change without notice in the future. To avoid more than one result I strongly sugget to use prefixes as a naming convention for the group names (I.e.: xx_groupname), but for now the script is being modified to do some checks and verify there's only one result. (It's a prevention measeure, of course it can be iterated on a loop if necessary)

Demo:

[email protected][~]> sync-users.py xx_devops

>> Syncing users from Okta to AWS SSO
==========================================
>> Retrieving Group ID's from Okta.........
['xx_devops']
  00g1by6snswq40ERK417 - [ xx_devops ]
>> Getting users from retrieved group ID's .........
>> Got 2 users from Okta
>> Checking AWS SSO users list.....
>> User [ [email protected] ] 93671e0715-1525f435-9359-4c9b-a2fe-13209d15cff8 already exists...
>> User [ [email protected] ] 93671e0715-08b298da-4bce-4f2e-a7b2-18433607d07f already exists...
>> Searching Groups matching: [ xx_devops ]
>> Results found: 1
>> Group ID: 93671e0715-b65a0f2f-ds7d-402d-a05c-91441697f9dc
>> User [ [email protected] ] already exists in group93671e0715-b65a0f2f-ce8b-a05c-a05c-91441687f9dc
>> User [ [email protected] ] already exists in group93671e0715-b65a0f2f-ce8b-a05c-a05c-914416973fdc
>> User [ [email protected] ] creating user into AWS SSO .......OK
>> User [ [email protected] ] creating user into AWS SSO .......OK
>> User [ [email protected] ] creating user into AWS SSO .......OK

TODO/WIP

  • Iterate over a list of groups to sync multiple groups
  • Get the list of groups from SSM (Parameter Store) instead of passing an argument to the script

Troubleshooting

(WIP)

WARNING: Since this software is not tested enough I would strongly suggest to run it carefully by syncing the groups from OKTA to AWS SSO one by one!! this was you only can screw up one group at time :)

Since the access credentials are stored in Parameter Store (AWS SSM),be sure to launch this script being authenticatd via CLI against the Root Account or where you're configuring the AWS SSO and AWS SSM. Otherwise the script won't be able to find the access credentials for both API's.

Owner
Paul
Devops Engineer
Paul
Ts-matterbridge - Integrate TeamSpeak Chat with MatterBridge

TeamSpeak-MatterBridge Bot You can use this bot to integrate TeamSpeak Chat with

4 Sep 25, 2022
GG Dorking is a tool to generate GitHub and Google dorking for pentesters and bug bounty hunters.

GG-Dorking GG Dorking is a python tool to generate GitHub and Google dorking links for pentesters and bug bounty hunters. It will help you to find imp

Eslam Akl 80 Nov 24, 2022
Automate TikTok follower bot, like bot, share bot, view bot and more using selenium

Zefoy TikTok Automator Automate TikTok follower bot, like bot, share bot, view bot and more using selenium. Click here to report bugs. Usage Download

555 Dec 30, 2022
A simple test repo created following docker docs.

docker_sampleRepo A simple test repo created following docker docs. Link to docs: https://docs.docker.com/language/python/develop/ Other links: https:

Suraj Verma 2 Sep 16, 2022
Experimental bridges between Telegram calls and other platforms.

Bridges by Calls Music Experimental bridges between Telegram calls and other platforms. Current bridges Bridge 1 (YouTube, Twitch, Facebook, etc...) B

Calls Music 14 Oct 08, 2022
SIGIT - Simple Information Gathering Toolkit

SIGIT - Simple Information Gathering Toolkit Features userrecon - username reconnaissance facedumper - dump facebook information mailfinder - find ema

Termux Hackers 437 Dec 29, 2022
数字货币BTC量化交易系统-实盘行情服务器,虚拟币自动炒币-火币API-币安交易所-量化交易-网格策略。趋势跟踪策略,最简源码,可在线回测,一键部署,可定制的比特币量化交易框架,3年实盘检验!

huobi_intf 提供火币网的实时行情服务器(支持火币网所有交易对的实时行情),自带API缓存,可用于实盘交易和模拟回测。 行情数据,是一切量化交易的基础,可以获取1min、60min、4hour、1day等数据。数据能进行缓存,可以在多个币种,多个时间段查询的时候,查询速度依然很快。 服务框架

dev 258 Sep 20, 2021
domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to find many URLs/IPs at once with fast time.

domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to find many URLs/IPs at once with fast time

Naufal Ardhani 59 Dec 04, 2022
🚀 An asynchronous python API wrapper meant to replace discord.py - Snappy discord api wrapper written with aiohttp & websockets

Pincer An asynchronous python API wrapper meant to replace discord.py ❗ The package is currently within the planning phase 📌 Links |Join the discord

Pincer 125 Dec 26, 2022
StringSessionGenerator - A Telegram bot to generate pyrogram and telethon string session

⭐️ String Session Generator ⭐️ Genrate String Session Using this bot. Made by TeamUltronX 🔥 String Session Demo Bot: Environment Variables Mandatory

TheUltronX 1 Dec 31, 2021
🦊 Powerfull Discord Nitro Generator

🦊 Follow me here 🦊 Discord | YouTube | Github ☕ Usage 💻 Downloading git clone https://github.com/KanekiWeb/Nitro-Generator/new/main pip insta

Kaneki 104 Jan 02, 2023
a discord libary that use to make discord bot with low efficiency and bad performance because I don't know how to manage the project

Aircord 🛩️ a discord libary that use to make discord bot with low efficiency and bad performance because I don't know how to manage the project Examp

Aircord 2 Oct 24, 2021
A Python interface between Earth Engine and xarray for processing weather and climate data

wxee What is wxee? wxee was built to make processing gridded, mesoscale time series weather and climate data quick and easy by integrating the data ca

Aaron Zuspan 160 Dec 31, 2022
Criando Lambda Functions para Ingerir Dados de APIs com AWS CDK

LIVE001 - AWS Lambda para Ingerir Dados de APIs Fazer o deploy de uma função lambda com infraestrutura como código Lambda vai numa API externa e extra

Andre Sionek 12 Nov 20, 2022
Unofficial GoPro API Library for Python - connect to GoPro via WiFi.

GoPro API for Python Unofficial GoPro API Library for Python - connect to GoPro cameras via WiFi. Compatibility: HERO3 HERO3+ HERO4 (including HERO Se

Konrad Iturbe 1.3k Jan 01, 2023
A simple use library for bot discord.py developers

Discord Bot Template It's a simple use library for bot discord.py developers. Ob

Tir Omar 0 Oct 16, 2022
Cleaning Tiktok Hacks With Python

Cleaning Tiktok Hacks With Python

13 Jan 06, 2023
A free and open-source SMS/Call bombing application

TBOMB V0.1 A free and open-source SMS/Call bombing application NOTE: For Termux To use the bomber type the following commands in Termux: pkg install g

ᴀɴᴋɪᴛ ᴋᴜᴍᴀʀ 2 Dec 07, 2021
An open souce video/music streamer based on MPV and piped.

🎶 Harmony Music An easy way to stream videos or music from Youtube from the command line while regaining your privacy. 📖 Table Of Contents ❔ What's

Zingy Tomato 16 Nov 15, 2022
Receive GitHub webhook events and send to Telegram chats with AIOHTTP through Telegram Bot API

GitHub Webhook to Telegram Receive GitHub webhook events and send to Telegram chats with AIOHTTP through Telegram Bot API What this project do is very

Dash Eclipse 33 Jan 03, 2023