External Test Users

On this page

• 📋 Summary
• 🚀 Instructions
• 📝 Example Configuration

📋 Summary

For external application and API testing, you cannot use your own user account with non-prod roles assigned as your account will not be in the Okta external tenant. For external applications, you will need to maintain a list of your own external users with the appropriate group memberships and use this for integration and API testing.

Maintaining users will be through Terraform and Azure DevOps pipelines. The pipeline and terraform code to maintain external users are automatically created by the test tools project that is created using the SAIF CLI template saif-test-tools. This article will describe the process of maintaining external users.

Password Storage

Passwords are not defined in the user definition manual, but securely stored in an Azure DevOps pipeline variable group library. The key of the variable must match the YAML defined login: value.

🚀 Instructions

To configure users in external Okta:

1. Open Repo/infra/test-user-maint-external/okta/my-test-users.yml
2. Define users in the user_map: array

   If the array is empty, remember to remove the empty array syntax: []

3. Save the file
4. Commit your changes
5. In Azure DevOps, navigate to or create the password map library in your project
6. The name should be [your username]-ext-test-users-password-map
7. The key should be the username (include @domain syntax)
8. The value should be your desired password
9. The setting should be flagged as secret
10. Run the [project id]-external-test-users pipeline

    E.G. it-test-tools-bilbag-external-test-users

📝 Example Configuration

Sample my-test-users.yml file:

user_map:
  - first_name: 'Frodo'
    last_name: 'Baggins'
    primary_phone: '5551234567'
    title: 'Shire Hobbit'
    email: 'frobag@shire.com'
    login: 'frobag@shire.com' # Login must be email format
    customer_id: 'CUST-001' # Unique identifier for the external user
    groups:
      - 'Arch Test Ext Role'
  - first_name: 'Bilbo'
    last_name: 'Baggins'
    primary_phone: '5557654321'
    title: 'Shire Hobbit'
    email: 'bilbag@shire.com'
    login: 'bilbag@shire.com' # Login must be email format
    customer_id: 'CUST-002' # Unique identifier for the external user
    groups:
      - 'Arch Test Ext Role' # Groups must exist in Okta and are defined by defining business roles