



## The following user, sally.duncan, is used to test Okta query. if (user in { "sally.duncan" } && basename(command) in { "okta_test.sh","okta_test"}) { # do not allow these commands to be delegated print ("user called okta_test.sh"); if (basename(command) in { "okta_test.sh","okta_test"}) { print ("command is okta_test.sh"); include '/etc/pb/okta_functions.conf'; RetrieveOkta_Group(); #print("We are now using print in poc20 policy for Okta"); #print(OktaDATA); DELIM=","; OktaFIELDS=split(OktaDATA,DELIM); print(OktaFIELDS); COUNT=0; COUNTER=0; TEST=split(OktaDATA, "\n"); for Lines in TEST { TEST2=split(Lines, ","); COUNT=length(TEST2); COUNT2=( COUNT -1); while ( COUNTER <= COUNT2 ) { #print(COUNTER); #print(TEST2[COUNTER]); if ( TEST2[COUNTER] == "DevOps" ) { print("Congratulations - you are a member of the DevOps Group in Okta, so you are authorized to execute this command"); COUNTER++; } else { COUNTER++; } } # End while COUNT=0; COUNTER=0; } # End for } accept; #reject("This is a restricted command okta_test.sh -- '" + basename(command) + "'."); }When you execute the script as a part of a “test” policy, you are able to determine the Okta group membership as shown below:


- The power of the PowerBroker for Unix & Linux scripting language to integrate into third-party solutions.
- The integration from PowerBroker for Unix & Linux to support group membership of Okta users.
- The support of PowerBroker for Unix & Linux in DevOps and Cloud environments in support of next-generation technologies.