Test the integration
Test your HashiCorp (HCP) Vault integration to ensure that users can access it through Okta. You can either do this through the HCP Vault UI or through a CLI.
Allow pop-up windows in your browser before you complete these steps.
If the integration doesn't work as expected, follow the steps in the Troubleshooting section.
Sign in through the HCP Vault UI
- Sign in to Vault.
- Set the Method to OIDC.
- Leave the Role field blank to use the default role, or set it to vault-role-okta-default.
- Click Sign in with Okta. A browser window opens.
- Sign in as a user who's assigned to the default Okta role.
Sign in through a CLI command
Repeat the following steps for each user group that you created in Configure groups in Okta.
- Run this command to sign in to HCP Vault using the default Okta role:
      #!/bin/bash
      vault login -method=oidc role="vault-role-okta-default"
  A browser window opens.
- Sign in as a user who's assigned to the default Okta role. The CLI displays a success message and your token information.
If the sign-in attempt is unsuccessful, make sure the user has the correct group assignment. See Configure groups in Okta.
Troubleshooting
Here are some common issues that orgs experience with their integration and their fixes. For other issues, see the HCP Vault Troubleshooting guide.
Okta groups don't appear in Vault
Ensure that the group names in Okta begin with okta-group-vault. See Configure groups in Okta.
Users can't sign in to Vault
Ensure that the mount path and listening port variable are configured correctly. See step 6 in Configure the app in Okta for more information.
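The two checks above can be run offline before retrying a sign-in. This is an added example, not part of the original guide or of Okta's or HashiCorp's tooling. The function names and the vault.example.test host are hypothetical. The callback URI shapes and the 8250 default port are assumed from Vault's general OIDC documentation, not taken from this page.

```shell
#!/bin/sh
# Added example: offline pre-checks for the two troubleshooting items.
# Function names and all sample values are constructed for illustration.

GROUP_PREFIX="okta-group-vault"   # prefix stated on this page

# Read group names on stdin (one per line); print those lacking the prefix.
groups_missing_prefix() {
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    case "$name" in
      "$GROUP_PREFIX"*) ;;
      *) printf '%s\n' "$name" ;;
    esac
  done
}

# Print the sign-in redirect URIs implied by a Vault address, OIDC mount
# path and CLI listening port. Assumption: Vault's documented UI and CLI
# callback shapes; 8250 is the Vault CLI's default listening port.
expected_redirects() {
  addr=${1%/}; mount=${2#/}; mount=${mount%/}; port=${3:-8250}
  printf '%s/ui/vault/auth/%s/oidc/callback\n' "$addr" "$mount"
  printf 'http://localhost:%s/oidc/callback\n' "$port"
}

# Read the URIs configured on the Okta app on stdin (one per line);
# print every expected URI that is not among them (exact match only).
redirects_missing() {
  configured=$(cat)
  expected_redirects "$@" | while IFS= read -r uri; do
    printf '%s\n' "$configured" | grep -Fxq -- "$uri" || printf '%s\n' "$uri"
  done
}

# Constructed sample input: one misnamed group, one wrong mount path.
printf 'okta-group-vault-admins\nvault-devs\n' | groups_missing_prefix
printf '%s\n' \
  'https://vault.example.test:8200/ui/vault/auth/okta/oidc/callback' \
  'http://localhost:8250/oidc/callback' |
  redirects_missing 'https://vault.example.test:8200' oidc 8250
```

Empty output from either function means that check passed. Any line printed is a group name or redirect URI to correct in Okta.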
