Knowledge base
Requests
Documentation
New Request
Find answers fast
Home
SSH Professional

Configure Default Shell on SSH Hosts (OKTA)

Edited

Edit Smallstep User Profile in OKTA

  • From the OKTA admin, go to Directory --> Profile Editor

  • Click to open the Smallstep User profile to add a new Attribute

Add a shell Attribute for mapping to SSH home directory for OKTA users

Use the following settings to add an Attribute.

🗒️ The External Name and External Namespace are specific to Smallstep. The other naming options are customizable.

Configuration Fields

  • Data type = String

  • Display Name = [anything you choose]

  • Variable Name = [anything you choose]

  • External Name = shell

  • External Namespace = urn:scim:smallstep:ssh:schema

  • Description = [anything you choose]

  • Enum = [unchecked]

  • Attribute Length = [unset]

  • Attribute required = [optional yes]

  • Scope = [optional] (help page)

  • User Permission = [READ ONLY]


Map New Attribute to OKTA sync

  • After the attribute is created, select Mappings and select the OKTA User to Smallstep option

  • Add an expression that concatenates the static home directory and the user.login attribute. Many expressions can be used, but here's one: toLowerCase("toLowerCase("/bin/bash")" + user.login) 

  • Save your Mapping and decide if you wish to push the changes now or wait for them to sync.

Test if the shell value is updated when user SSH sessions begins

  • From an end-user machine, rerun the configuration for step ssh

step ssh config --team [your_team_slug] --force

  • SSH into a registered host and check that your shell is updated as configured in OKTA.

Was this article helpful?

Sorry about that! Care to tell us more?

Thanks for the feedback!

There was an issue submitting your feedback
Please check your connection and try again.
Support Report
Privacy Policy