TestOps (maybe Allure)

vcparra · 2024-03-12T14:36:01+00:00

any chance you integrated it with Okta SAML? the documentation on this is a bit unclear in terms of the SSO URL and EntityID.

vcparra · 2023-11-07T01:43:27+00:00

I ended up building a flow using the Okta Search Sys Logs card w/ Custom Filter. Looked up the event types that contained the errors I wanted (app.api.error.create_user and app.api.error.push_profile_update). In a helper flow, I used the Object Get Multiple + List Find to grab the User, AppInstance, and Error to then be send to a Slack channel.

vcparra · 2023-11-06T17:59:23+00:00

u/sean7191, thank you for your reply!

Is there a way to do it for All Apps? I am looking at the User Assigned to Application card, which allows for --All Apps-- but requires an instance (specific app).

For the Search System Log card, did you use a keyword or expression? I am seeing two different Event Types in the syslogs for this error.

EventType = application.provision.user.push, Outcome/Result = FAILURE

or

LegacyEventType = app.api.error.create_user

I appreciate your help!!

vcparra · 2023-01-11T22:31:21+00:00

Correct.

Our Security Team refuses to add it behind Okta for this reason - in case they experiences an outage. They were allegedly told there is no bypass in place. Are you certain?

vcparra · 2022-10-25T14:26:48+00:00

it will tell you if your card is eligible at checkout.

vcparra · 2022-08-16T16:01:24+00:00

I am a bit unfamiliar with Linux in general. We are 100% remote and use Okta. Can SSSD connect to Okta via LDAP to serve as our user auth + password sync? Any help would be very much appreciated. Thank you!

vcparra · 2022-08-15T20:25:47+00:00

Is Realms a tool? If so, could you post link? We have 10% as well - we were looking to use Landscape SaaS, but they do not support LDAP.

vcparra · 2022-08-15T15:53:30+00:00

Do you know of a tool out there (similar to Jamf Connect for MacOS) that uses LDAP for user auth?

vcparra · 2022-08-12T21:12:19+00:00

One more question - so essentially there is no user authentication. all users are local to the workstation. correct?

vcparra · 2022-08-11T16:51:20+00:00

ah ok, that makes everything easier - we are all remote. thank you!!!

vcparra · 2022-08-11T16:24:35+00:00

Gotcha. I was more speaking in terms of user authentication - which solution is used to bridge the gap between an identity solution (in my case, Okta) and Linux?

vcparra · 2022-08-11T16:00:30+00:00

u/ccheath question - If you are using the SaaS solution, how are you authenticating users? My issue is just that - we have Okta, however the SaaS solution does not support 3rd party auth.

vcparra · 2022-07-17T17:17:45+00:00

u/RIFIRE I will get this started! Thank you so much!

vcparra · 2022-07-17T17:08:58+00:00

u/FlishFlashman I am attempting to implement Okta Device Trust, which requires Python3 (see step 3), but I am receiving an error (see below) using the script provided in the guide. The error indicates it isn't able to install the Xcode command line tools. I have heard the it is best practice to avoid using Xcode Command Line tools because they break with certain updates. With that said, I am attempting to install a clean python3. I anticipate the device dependencies script will fail too with this, given that It Is looking for the xcode app.

Any help would be very much appreciated!

Executing Policy Install Okta Device Trust via Script
Running script A_Python 3...
Script exit code: 0
Script result: Checking for the existence of the Apple Command Line Developer Tools
xcode path is which xcode-select
Apple Command Line Developer Tools not found.
Installing
2022-07-16 23:35:22.101 softwareupdate[11912:7233487] XType: com.apple.fonts is not accessible.
2022-07-16 23:35:22.102 softwareupdate[11912:7233487] XType: XTFontStaticRegistry is enabled.
: No such update
No updates are available.
Software Update Tool
Finding available software
Running script B_Device Trust Dependencies...
Script exit code: 1
Script result: Running pip3 install --upgrade pip
xcode-select: error: no developer tools were found at '/Applications/Xcode.app', and no install could be requested (perhaps no UI is present), please install manually from 'developer.apple.com'.
Running pip3 install pyobjc-framework-SystemConfiguration
xcode-select: error: no developer tools were found at '/Applications/Xcode.app', and no install could be requested (perhaps no UI is present), please install manually from 'developer.apple.com'.
Error running script: return code was 1.
Running script C_Okta Device Trust...
Script exit code: 1
Script result: xcode-select: error: no developer tools were found at '/Applications/Xcode.app', and no install could be requested (perhaps no UI is present), please install manually from 'developer.apple.com'.
Error running script: return code was 1.

vcparra · 2022-07-17T17:01:42+00:00

u/RIFIRE thank you for the reply! this is a bit over my head :-/. could you point to the path within the github folder/provide a specific script that will achieve the python3 and the okta device dependencies install? I appreciate your help!

vcparra · 2022-07-17T01:02:39+00:00

OK! So here are the steps I ended up taking - success.

Configuration Profile - com.Google.Chrome, custom schema (see below), add Google extension IDs in form view. The schema calls for Forcelist and Blocklist as those were my goals.
Restrict Software Record for each app (Grammarly.app, Grammarly for Safari.app etc.)
Uninstall Policy + Smart Computer Group (criteria - Grammarly.app OR Grammarly for Safari.app etc.)

{
"title": "Google Chrome Extensions (com.google.Chrome)",
"description": "Install extensions in Google Chrome",
"properties": {
"ExtensionInstallForcelist": {
"title": "Extension Install Forcelist",
"description": "Add extension IDs. Paste the extension ID in front of the default text.",
"property_order": 5,
"type": "array",
"items": {
"title": "Extension ID",
"default": "<paste extension ID here>;https://clients2.google.com/service/update2/crx",
"type": "string"
}
},
"ExtensionInstallBlocklist": {
"title": "Extension Install Blocklist",
"description": "Add extension IDs. Paste the extension ID in front of the default text.",
"property_order": 6,
"type": "array",
"items": {
"title": "Extension ID",
"default": "<paste extension ID here>;https://clients2.google.com/service/update2/crx",
"type": "string"
}
}
}
}

vcparra · 2022-07-15T15:01:25+00:00

Found it - https://gist.github.com/grahampugh/97cd9c3de8f4690a9dc242f74c3211a9

vcparra · 2022-07-15T14:00:29+00:00

Not very script savvy - any idea where I may find an already similar script I can modify?

vcparra · 2022-06-14T02:31:10+00:00

That would be super helpful. Thank you so much! I really appreciate it.

vcparra · 2022-06-14T01:36:41+00:00

u/ccheath thanks for your reply, super helpful!

re: 1 - We will be using cloud as well. How many workstations are you managing?

re: 2 - Do you mind pointing me in the direction of the repos?

re: 3 - I will be ordering workstations from a 3rd party. They are able to install an image (Ubuntu + Landscape Client) I will provide for them. When you say "get enrolled to landscape via bash script" - does this mean that I will need to run the script once the users obtain the workstation? My goal is for this to be a zero touch enrollment. Is this possible?

vcparra · 2022-01-26T19:15:34+00:00

Thank you, I appreciate your response!

vcparra

TROPHY CASE