Thycotic with SAML (okta) and MFA
#1
Hello,

Has anyone gotten Thycotic integration to work when using SAML via okta with MFA?
#2
I checked the API documentation and can't see any differences to other login methods - but we never tried that in our environment...
Regards/Gruss
Oliver
#3
I might open a ticket with Thycotic about it. Are you using the SOAP or REST API endpoints? From the URLs I see in the samples it looks like SOAP.
#4
Yes currently we only use the SOAP interfaces
Regards/Gruss
Oliver
#5
Did some tinkering,

First I had the webservice URL wrong; after correcting that and having it set to Windows auth I can hit the Browse button and I get the proper list of folders.
If I hit the Sync button I get an "Error reading credentials" error even though Windows auth is picked and it is dimmed.

Then if I go ahead and give it credentials and try to sync again I get a "Reading data" error about MaxReceivedMessageSize.
#6
First issue is a bug - I noticed the same last week when optimizing some other code - just set a cred; it will not be used. It's fixed already for the next version.

Second issue - go to Settings => Thycotic - there you can set the MaxReceivedMessageSize to a bigger value - it's the default, but in huge environments it is too small - try 500000 instead of 64k.
Regards/Gruss
Oliver
#7
That did it, I ended up adding another 0 on there; we have a few thousand passwords in our folder. Probably needs some cleanup, but it is going. Thank you. So if I create a public folder like this and only sync the names, if someone doesn't have access it won't give them the passwords, right?
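The "Reading data" error in #5 and the fix in #6/#7 are a WCF client quota, not a Thycotic setting: BasicHttpBinding.MaxReceivedMessageSize defaults to 65,536 bytes, and a folder listing with a few thousand secret names will not deserialize under that limit. The following is an added example, not ASGRD's code or Thycotic's, showing how a .NET WCF client to the Secret Server SOAP endpoint sets that quota, the related quotas that must move with it, and how the quota failure surfaces. The service contract (ISecretServerSoap, its SearchFolders operation), the endpoint URL and the token are assumptions standing in for the proxy a real client would generate from the Secret Server WSDL.

```csharp
using System;
using System.ServiceModel;
using System.Xml;

// ASSUMPTION: illustrative contract only. A real client uses the proxy generated
// from the Secret Server WSDL (svcutil / "Add Service Reference"); the operation
// name and parameters below are placeholders for a large folder/secret listing.
[ServiceContract(Namespace = "urn:thesecretserver.com")]
public interface ISecretServerSoap
{
    [OperationContract]
    string SearchFolders(string token, string folderName);
}

public static class SecretServerClient
{
    // WCF's BasicHttpBinding default: 64 KB. This is the "64k" the thread hits.
    public const long DefaultMaxReceivedMessageSize = 65536;

    // Build a binding whose incoming-message limit fits the expected listing size.
    // In the default (buffered) transfer mode MaxBufferSize must equal
    // MaxReceivedMessageSize, otherwise the binding throws when the channel opens.
    public static BasicHttpBinding CreateBinding(long maxReceivedMessageSize)
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport) // HTTPS
        {
            MaxReceivedMessageSize = maxReceivedMessageSize,
            MaxBufferSize = checked((int)maxReceivedMessageSize),
            // The XML reader has separate quotas; a long list of names can trip
            // MaxStringContentLength / MaxArrayLength before the message limit does.
            ReaderQuotas = new XmlDictionaryReaderQuotas
            {
                MaxStringContentLength = int.MaxValue,
                MaxArrayLength = checked((int)maxReceivedMessageSize),
            },
        };
        // Windows authentication, as selected in the thread.
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        return binding;
    }

    // Call the listing operation with the given quota. A response larger than the
    // quota arrives as CommunicationException wrapping QuotaExceededException;
    // that is the failure the thread describes, reported here with the limit in use.
    public static string ListFolders(string endpointUrl, string token, long maxReceivedMessageSize)
    {
        var factory = new ChannelFactory<ISecretServerSoap>(
            CreateBinding(maxReceivedMessageSize), new EndpointAddress(endpointUrl));
        ISecretServerSoap channel = factory.CreateChannel();
        try
        {
            string result = channel.SearchFolders(token, "");
            ((IClientChannel)channel).Close();
            factory.Close();
            return result;
        }
        catch (CommunicationException ex) when (ex.InnerException is QuotaExceededException)
        {
            ((IClientChannel)channel).Abort();
            factory.Abort();
            throw new InvalidOperationException(
                $"Response from {endpointUrl} exceeded MaxReceivedMessageSize={maxReceivedMessageSize}; " +
                "raise the limit (the thread ended up at 5000000).", ex);
        }
        catch
        {
            ((IClientChannel)channel).Abort();
            factory.Abort();
            throw;
        }
    }

    public static void Main(string[] args)
    {
        // ASSUMPTION: endpoint path and session token are placeholders.
        string url = args.Length > 0
            ? args[0]
            : "https://secretserver.example.com/SecretServer/webservices/SSWebservice.asmx";
        string listing = ListFolders(url, "<session-token>", maxReceivedMessageSize: 5000000);
        Console.WriteLine($"received {listing.Length} characters of folder data");
    }
}
```

Raising the quota only makes the client willing to buffer a larger response; it is not a security control, so size it to the environment rather than to int.MaxValue, and keep Transport security on so the SOAP token and any secret payload stay inside TLS.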
#8
Yes - if only names are synced, every time you try to use the credential object ASGRD will retrieve the credential details from Thycotic - if the user has no access they won't be able to use these creds…
Regards/Gruss
Oliver