Okta integration max count of device to 1

Kevin.Huang · March 10, 2023, 7:48am

Hi,
I have Docker FireZone installed and Okta SAML integration. I have tried to limit the Max device count for each user (Okta) by the adding MAX_DEVICES_PER_USER=1 to .env config, restart docker (cd $HOME/.firezone
docker compose restart) and also reboot the server. However the Okta SAML login user can still create 2 devices.
Any ideas to limit the max device to one for each Okta/SAML login users? Am I missing something?

Regards,
Kevin

andrew_dryga · March 10, 2023, 3:34pm

Hey Kevin,

Can you please run

docker exec -it firezone-firezone-1 sh
bin/firezone remote
FzHttp.Config.fetch_env!(:fz_http, :max_devices_per_user)
FzHttp.Config.fetch_source_and_config!(:max_devices_per_user)
System.get_env("MAX_DEVICES_PER_USER")

and share the output

Kevin.Huang · March 10, 2023, 9:00pm

Hi Andrew,
Here is the output:
docker exec -it firezone-firezone-1 sh
/app # bin/firezone remote
Erlang/OTP 25 [erts-13.1.4] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [jit]

Interactive Elixir (1.14.3) - press Ctrl+C to exit (type h() ENTER for help)
iex(firezone@127.0.0.1)1> FzHttp.Config.fetch_env!(:fz_http, :max_devices_per_user)
10
iex(firezone@127.0.0.1)2> FzHttp.Config.fetch_source_and_config!(:max_devices_per_user)
{:default, 10}
iex(firezone@127.0.0.1)3> System.get_env(“MAX_DEVICES_PER_USER”)
nil
iex(firezone@127.0.0.1)4>
BREAK: (a)bort (A)bort with dump (c)ontinue (p)roc info (i)nfo
(l)oaded (v)ersion (k)ill (D)b-tables (d)istribution
^C/app # exit

Here is the .env show MAX_DEVICES_PER_USER=1

VERSION=0.7.20
MAX_DEVICES_PER_USER=1

Here is the output of docker compose restart

[+] Running 3/3
⠿ Container firezone-caddy-1 Started 10.2s
⠿ Container firezone-postgres-1 Started 0.6s
⠿ Container firezone-firezone-1 Started

 It seems to be the environment variable is not read. Any ideas to fix that?

Regards,
Kevin

Kevin.Huang · March 11, 2023, 12:17pm

Hi Andrew,
I have run docker compose up -d to re-read the .env and it’s working now.

docker exec -it firezone-firezone-1 sh
/app # bin/firezone remote
Erlang/OTP 25 [erts-13.1.4] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [jit]

Interactive Elixir (1.14.3) - press Ctrl+C to exit (type h() ENTER for help)
iex(firezone@127.0.0.1)1> FzHttp.Config.fetch_env!(:fz_http, :max_devices_per_user)
1
iex(firezone@127.0.0.1)2> FzHttp.Config.fetch_source_and_config!(:max_devices_per_user)
{{:env, “MAX_DEVICES_PER_USER”}, 1}
iex(firezone@127.0.0.1)3> System.get_env(“MAX_DEVICES_PER_USER”)
“1”
iex(firezone@127.0.0.1)4>

Regards,
Kevin