juz6q (juz6q) asked a question.
Okta Advance Server Access sudo entitlement comflict with Red Hat Identity management system
Currently, all Linux servers are enrolled in our Red Hat Identity Management System. From this system is where we can limit users to only run certain commands or have access to certain directories. We tested and found that if we set the rules in this system that we wanted to set in Okta (Example, the sudoedit /opt/test.txt command that was tested) it works. Red Hat Identity Management overrides what is set in Okta Advance server sudo entitlement. Is there any way to prevent this to get overrides?
Hello @juz6q (juz6q) Thank you for reacting out to our Community!
It looks to be an expected behavior as ASA can't control if another process is removing the entitlements. Not sure if they have a way in RHIM to avoid deleting entitlements from /etc/sudoers.d directory OR the includedir directive from /etc/sudoers.
Community members help others by clicking Like or Select as Best on responses. Try it today.
💡 Community Moderator Tip: Join a group today and connect with other Okta customers by region or product.