#Unable to fetch users from okta into the catalog automatically

Hi everyone,

I am new to backstage, and I am following the documentation instructions as much as possible. In the docs it says that the recommended way to fill the users and teams to the catalog is to get them automatically from the source of truth of your organization.

My org uses okta, so I check the plugin marketplace and I found a plugin that does this (see screenshot).

The readme of this plugin is not very helpful and the discussion on github I see that are mostly not answered, plus the last commit was 3 months ago, is this plugin abandoned?

If not, how could I get support or an example to use it? This is what I have so far:
MY APP CONFIG:

catalog:
providers:
okta:
- orgUrl: 'https://urbansportsclub.okta.com' # ${AUTH_OKTA_DOMAIN}
token: ${OKTA_TOKEN}
oauth:
clientId: #${OKTA_OAUTH_CLIENT_ID},
keyId: ${OKTA_OAUTH_KEY_ID} #Note: keyId is optional but must be passed wen using a PEM as the privateKey
privateKey: ${OKTA_OAUTH_PK}
frequency: { seconds: 1 } # 1 SECOND for testing
timeout: { seconds: 180 }

    # userFilter: profile.department eq "engineering"
    groupFilter: profile.name eq "Development"

The backend index.ts:
import { loggerToWinstonLogger } from '@backstage/backend-common';
import { createBackend } from '@backstage/backend-defaults';
import {
coreServices,
createBackendModule,
} from '@backstage/backend-plugin-api';
import { Config } from '@backstage/config';
import {
EntityProviderFactory,
oktaCatalogBackendEntityProviderFactoryExtensionPoint,
OktaOrgEntityProvider,
} from '@roadiehq/catalog-backend-module-okta/new-backend';

const backend = createBackend();

backend.add(import('@backstage/plugin-app-backend/alpha'));
backend.add(import('@backstage/plugin-proxy-backend/alpha'));
backend.add(import('@backstage/plugin-scaffolder-backend/alpha'));
backend.add(import('@backstage/plugin-scaffolder-backend-module-github'));
backend.add(import('@backstage/plugin-techdocs-backend/alpha'));
backend.add(import('@roadiehq/catalog-backend-module-okta/new-backend'));

export const oktaCatalogBackendModule = createBackendModule({
pluginId: 'catalog',
moduleId: 'okta-entity-provider-custom',
register(env) {
env.registerInit({
deps: {
provider: oktaCatalogBackendEntityProviderFactoryExtensionPoint,
logger: coreServices.logger,
},
async init({ provider, logger }) {
const factory: EntityProviderFactory = (oktaConfig: Config) =>
OktaOrgEntityProvider.fromConfig(oktaConfig, {
logger: loggerToWinstonLogger(logger),
userNamingStrategy: 'strip-domain-email',
groupNamingStrategy: 'kebab-case-name',
});

    provider.setEntityProviderFactory(factory);
  },
});

},
});

backend.add(oktaCatalogBackendModule);
backend.start();

and doing yarn dev, backstage starts, but I get an error saying "unable to initialize okta"
I also see that the backend.add is deprecated in the plugin one, (see image)

That being said, ignoring the error message, the app seems to work but I don't get users or teams from okta, I actually see these logs:
[1] 2024-08-07T15:13:35.960Z catalog info Providing user and group resources from okta
[1] 2024-08-07T15:13:35.961Z catalog info Found 0, pruning the empty ones
[1] 2024-08-07T15:13:35.968Z catalog info Finished providing 0 user and 0 group resources from okta

https://media.discordapp.net/attachments/1270451271240777749/1270676081640472699/IMG_5815.png?ex=66b490d1&is=66b33f51&hm=1ee9aa0426c20d9a8a102486c59ad7bf8416358e66ec5f7b9921d0c69c781381&=&format=webp&quality=lossless&width=1414&height=1351

Having the same issue - i noticed there's an issue with starting the task - however it seems to be running but not pulling any users/groups

[1] 2024-08-07T13:48:20.752Z auth info Configuring auth provider: okta
[1] 2024-08-07T13:48:20.757Z catalog info Task worker starting: okta-entity-provider-okta-org:all, {"version":2,"cadence":"PT1M","timeoutAfterDuration":"PT3M"} task=okta-entity-provider-okta-org:all
[1] 2024-08-07T13:48:20.759Z catalog info Performing database migration
[1] 2024-08-07T13:48:20.765Z catalog error Error: Not initialized task=okta-entity-provider-okta-org:all

[1] 2024-08-07T13:49:20.833Z catalog info Providing user and group resources from okta
[1] 2024-08-07T13:49:20.834Z catalog info Found 0, pruning the empty ones
[1] 2024-08-07T13:49:20.841Z catalog info Finished providing 0 user and 0 group resources from okta

Same Okta works fine with an older version of backstage and the plugin. new version seems to have a bug or misconfiguration
my config:
catalog
providers:
okta:
- orgUrl: ${OKTA_AUDIENCE}
token: ${OKTA_API_TOKEN}
frequency: { minutes: 1 }
timeout: { minutes: 3 }

reported an issue here - https://github.com/RoadieHQ/roadie-backstage-plugins/issues/1537

I added a comment too, let’s see if they are active! 🙂

@junior badge do you know anything else about this? I have been trying to figure out this issue for 3 days and I am considering if I should just write the fetching logic myself to get the users from okta instead of using this plugin. They don’t respond and it seems abandoned 😢

Yes no response yet. I wonder how hard it to bring back the old legacy code into practice however i can't seem to find examples for /backstage/packages/backend/src/index.ts how to integrate older code into the new backend system

Yeah, in my case I am new to backstage and it is difficult for me to rewrite anything, I am considering that it may be better just to do it myself. It can’t be that difficult, just an API call to okta, get the users and teams and insert them into the catalog.

FYI - Roadie does have a Discord server: https://discord.gg/b4Wb4YRz

That’s good to know, thanks!

@minor bane found intermediate solution add this code to your /backstage/packages/backend/src/index.ts

// Loading OKTA users and groups - Legacy code:
backend.add(legacyPlugin('roadiehq-okta-catalog', import('./plugins/catalog')));

catalog.ts
import { CatalogBuilder } from '@backstage/plugin-catalog-backend';
import { Router } from 'express';
import { PluginEnvironment } from '../types';
import { OktaOrgEntityProvider } from '@roadiehq/catalog-backend-module-okta';

export default async function createPlugin(
env: PluginEnvironment,
): Promise<Router> {
const builder = await CatalogBuilder.create(env);
const orgProvider = OktaOrgEntityProvider.fromConfig(env.config, {
logger: env.logger,
userNamingStrategy: 'strip-domain-email',
groupNamingStrategy: 'kebab-case-name',
});

builder.addEntityProvider(orgProvider);

const { processingEngine, router } = await builder.build();
orgProvider.run();
await processingEngine.start();
return router;
}

I got all the users and groups loaded

Pretty sure legacyPlugin will be deprecated in the next Backstage release - 1.30.0 - on August 20th. Sorry to be the downer 😭

also, the workaround doesn't work for me anyway because it counts on having "old backend" folders and I don't have them since my backstage app has been created recently

and it doesn't work for my org to use a plugin if it is not maintained, I'll try to join their discord today and try to figure out if they are planning on working on this or not

if not, I'll just learn how to write plugins and do it myself.... I hope 😅

Did you try this out? It seems the plugin does not provide a way to run on a scheduled basis. Therefore, you will need to implement it yourself after adding it to the entityProvider. Please see the reference below:
https://github.com/RoadieHQ/roadie-backstage-plugins/issues/1310#issuecomment-2037783918

for everyone else having this issue in the future, the workaround defined here fixes this:
https://github.com/RoadieHQ/roadie-backstage-plugins/issues/1537
without using the legacyPlugin!!

@junior badge check it out so you don't use the legacyPlugin that will stop working 🙂