gravitational · mdwn · Aug 30, 2023 · Aug 29, 2023 · Aug 30, 2023
diff --git a/api/proto/teleport/legacy/types/types.proto b/api/proto/teleport/legacy/types/types.proto
@@ -1795,6 +1795,10 @@ message AuthPreferenceSpecV2 {
     (gogoproto.jsontag) = "default_session_ttl,omitempty",
     (gogoproto.casttype) = "Duration"
   ];
+
+  // Okta is a set of options related to the Okta service in Teleport.
+  // Requires Teleport Enterprise.
+  OktaOptions Okta = 17 [(gogoproto.jsontag) = "okta,omitempty"];
 }
 
 // U2F defines settings for U2F device.
@@ -6183,3 +6187,9 @@ message KubernetesMatcher {
     (gogoproto.customtype) = "Labels"
   ];
 }
+
+// OktaOptions specify options related to the Okta service.
+message OktaOptions {
+  // SyncPeriod is the duration between synchronization calls in nanoseconds.
+  int64 SyncPeriod = 1 [(gogoproto.jsontag) = "sync_period,omitempty"];
+}
diff --git a/api/types/authentication.go b/api/types/authentication.go
@@ -133,6 +133,11 @@ type AuthPreference interface {
 	// SetDefaultSessionTTL sets the max session ttl
 	SetDefaultSessionTTL(Duration)
 
+	// GetOktaSyncPeriod returns the duration between Okta synchronization calls if the Okta service is running.
+	GetOktaSyncPeriod() time.Duration
+	// SetOktaSyncPeriod sets the duration between Okta synchronzation calls.
+	SetOktaSyncPeriod(timeBetweenSyncs time.Duration)
+
 	// String represents a human readable version of authentication settings.
 	String() string
 }
@@ -461,6 +466,16 @@ func (c *AuthPreferenceV2) GetDefaultSessionTTL() Duration {
 	return c.Spec.DefaultSessionTTL
 }
 
+// GetOktaSyncPeriod returns the duration between Okta synchronization calls if the Okta service is running.
+func (c *AuthPreferenceV2) GetOktaSyncPeriod() time.Duration {
+	return time.Duration(c.Spec.Okta.SyncPeriod)
+}
+
+// SetOktaSyncPeriod sets the duration between Okta synchronzation calls.
+func (c *AuthPreferenceV2) SetOktaSyncPeriod(timeBetweenSyncs time.Duration) {
+	c.Spec.Okta.SyncPeriod = int64(timeBetweenSyncs)
+}
+
 // setStaticFields sets static resource header and metadata fields.
 func (c *AuthPreferenceV2) setStaticFields() {
 	c.Kind = KindClusterAuthPreference
@@ -640,6 +655,11 @@ func (c *AuthPreferenceV2) CheckAndSetDefaults() error {
 		c.Spec.IDP.SAML.Enabled = NewBoolOption(true)
 	}
 
+	// Make sure the Okta field is populated.
+	if c.Spec.Okta == nil {
+		c.Spec.Okta = &OktaOptions{}
+	}
+
 	return nil
 }
 

diff --git a/api/types/types.pb.go b/api/types/types.pb.go
diff --git a/lib/config/configuration.go b/lib/config/configuration.go
@@ -2519,6 +2519,7 @@ func applyOktaConfig(fc *FileConfig, cfg *servicecfg.Config) error {
 	cfg.Okta.Enabled = fc.Okta.Enabled()
 	cfg.Okta.APIEndpoint = fc.Okta.APIEndpoint
 	cfg.Okta.APITokenPath = fc.Okta.APITokenPath
+	cfg.Okta.SyncPeriod = fc.Okta.SyncPeriod
 	return nil
 }
 

diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go
@@ -821,6 +821,7 @@ SREzU8onbBsjMg9QDiSf5oJLKvd/Ren+zGY7
 					Enabled: types.NewBoolOption(true),
 				},
 			},
+			Okta: &types.OktaOptions{},
 		},
 	}, protocmp.Transform()))
 
@@ -910,6 +911,7 @@ SREzU8onbBsjMg9QDiSf5oJLKvd/Ren+zGY7
 	require.True(t, cfg.Okta.Enabled)
 	require.Equal(t, cfg.Okta.APIEndpoint, "https://some-endpoint")
 	require.Equal(t, cfg.Okta.APITokenPath, oktaAPITokenPath)
+	require.Equal(t, cfg.Okta.SyncPeriod, time.Second*300)
 }
 
 // TestApplyConfigNoneEnabled makes sure that if a section is not enabled,

diff --git a/lib/config/fileconf.go b/lib/config/fileconf.go
@@ -2559,6 +2559,9 @@ type Okta struct {
 
 	// APITokenPath is the path to the Okta API token.
 	APITokenPath string `yaml:"api_token_path,omitempty"`
+
+	// SyncPeriod is the duration between synchronization calls.
+	SyncPeriod time.Duration `yaml:"sync_period,omitempty"`
 }
 
 // JamfService is the yaml representation of jamf_service.

diff --git a/lib/config/testdata_test.go b/lib/config/testdata_test.go
@@ -211,6 +211,7 @@ okta_service:
     enabled: yes
     api_endpoint: https://some-endpoint
     api_token_path: %v
+    sync_period: 300s
 `
 
 // NoServicesConfigString is a configuration file with no services enabled

diff --git a/lib/service/servicecfg/okta.go b/lib/service/servicecfg/okta.go
@@ -14,6 +14,8 @@
 
 package servicecfg
 
+import "time"
+
 // OktaConfig specifies configuration for the Okta service.
 type OktaConfig struct {
 	// Enabled turns the Okta service on or off for this process
@@ -24,4 +26,7 @@ type OktaConfig struct {
 
 	// APITokenPath is the path to the Okta API token.
 	APITokenPath string
+
+	// SyncPeriod is the duration between synchronization calls.
+	SyncPeriod time.Duration
 }