
lsr4m (lsr4m) asked a question.
Hi,
I'm trying to create an SFTP connection within the Okta Workflows module and am getting a "detected connection failure" error. I've checked that the Okta URL is on the whitelist to connect to the SFTP server but am unable to find the issue (no logs on the Okta or server side). Does anyone know what the problem could be here?

You have probably already done this but double check your settings using the following Authorization guide. If you are using a domain address try the IP of the SFTP server instead.
https://help.okta.com/wf/en-us/content/topics/workflows/connector-reference/sftp/overview/authorization.htm
More SFTP connector documentation can be found here: https://help.okta.com/wf/en-us/content/topics/workflows/connector-reference/sftp/sftp.htm
Yep, I've tried with the IP as well, but no luck. I wonder how I can troubleshoot this, since the error message is not very user-friendly and the SFTP server logs show no incoming request from the Okta instance IP (the Okta URL translates into 2 IPs interchangeably).
Additionally, I land on the same error when I try with invalid credentials, so I'm guessing Okta is unable to identify the host, or there is some other issue I'm not aware of.
The (500) makes me think this is server-related, so if you don't see anything in the logs on the server, perhaps this is a proxy or firewall causing the error.
If leveraging the IP address provides the same responses, it is not going to be DNS (a problem with Okta identifying the host). Is this an on-prem solution you are trying to reach? If so, the proxy/firewall mention is likely the cause. If it isn't getting through the border to the desired destination, you wouldn't see logs at the destination. Note: on-prem connectivity is considered unsupported.
Hi Tim - yes, it's an on-premise solution. If I understand you correctly, Okta can't connect to an on-premise SFTP server? Is there any other solution to this problem?
@lsr4m (lsr4m) -- It's not that we cannot technically connect to an on-prem; it is just going to be residing behind layers of security at your company's borders. Anything from a firewall, proxy, load balancer, or other "traffic analyzer" solutions could potentially cause failure points, and Okta Support isn't equipped to troubleshoot these on-prem-based problems that are not really "Workflows" issues.
We are also not going to recommend an on-prem device be publicly exposed because most of them are not really designed to be (which increases security risk if they are).
With cloud-based services, their APIs are already publicly facing and they have already implemented (and are responsible for) their own security mechanisms. These endpoints, with the correct auth, allow access without any sort of security device configuration on your end.
As I stated, on-prem is not supported. However, it is possible to get it working, but you would be fully responsible for the setup and your own security. The following is a list of IPs & domains that Okta leverages (the IPs are broken out by cell). It is likely possible your security team could allow this traffic through and NAT (or some other routing option) the traffic to the API endpoint of your on-prem device.
https://help.okta.com/en-us/content/topics/security/ip-address-allow-listing.htm
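One way to turn the reasoning in this thread into a repeatable check (using the IP instead of DNS rules out name resolution; nothing in the destination's log points at the border), as an added example that is not Okta's or any poster's code: it reads the on-prem SFTP host's sshd log against the Okta egress ranges you allowlisted and reports, per range, whether anything from it reached the host at all, plus any source addresses that connected but are not on the allowlist. The CIDRs and log lines are constructed placeholders; take the real ranges from the allow-listing page linked above.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder egress ranges (NOT real Okta addresses); substitute the ranges
# for your cell from Okta's IP allow-listing page.
OKTA_EGRESS = ["203.0.113.0/28", "198.51.100.16/28"]

# Constructed sshd auth-log lines standing in for the SFTP host's log.
SAMPLE_LOG = """\
Jun  1 10:00:01 sftp sshd[1201]: Accepted publickey for wfuser from 192.0.2.10 port 51002 ssh2
Jun  1 10:01:15 sftp sshd[1210]: Failed password for wfuser from 203.0.113.5 port 40211 ssh2
Jun  1 10:02:03 sftp sshd[1212]: Connection closed by 203.0.113.5 port 40211 [preauth]
Jun  1 10:05:40 sftp sshd[1220]: Accepted password for admin from 10.0.0.7 port 33001 ssh2
"""

# Matches the sshd events that prove a TCP/SSH connection reached the host.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<event>Accepted|Failed|Connection closed by|Invalid user)"
    r".*?(?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def _events_by_ip(log_text):
    """Map each source IP in the log to the set of sshd events it produced."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[ipaddress.ip_address(m.group("ip"))].add(m.group("event"))
    return seen


def classify(log_text, egress_cidrs):
    """Per allowlisted range: 'no_attempt' (nothing reached the host, so suspect
    firewall/proxy/NAT at the border), 'auth_failed' (SSH reached the host but
    the credentials or key were rejected) or 'accepted' (a session was set up)."""
    seen = _events_by_ip(log_text)
    result = {}
    for cidr in egress_cidrs:
        net = ipaddress.ip_network(cidr)
        events = set().union(*(ev for ip, ev in seen.items() if ip in net))
        if "Accepted" in events:
            result[str(net)] = "accepted"
        elif events:
            result[str(net)] = "auth_failed"
        else:
            result[str(net)] = "no_attempt"
    return result


def unlisted_sources(log_text, egress_cidrs):
    """Source IPs that reached sshd but fall outside every allowlisted range;
    an unexpected one here usually means the allowlist is incomplete."""
    nets = [ipaddress.ip_network(c) for c in egress_cidrs]
    ips = [ip for ip in _events_by_ip(log_text) if not any(ip in n for n in nets)]
    return [str(ip) for ip in sorted(ips)]
```

A range reported as `no_attempt` while the Workflows card still fails is the case Tim describes: the traffic is being dropped before it reaches the SFTP host, so the next place to look is the firewall, proxy or NAT rule rather than the SFTP configuration.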