Permissions Issues after enabling Okta SSO

On-Premise
#1

Earlier today, enabled Okta SSO. After this auth change, when I (with role of Owner) navigate to https://{SENTRY_URL}/manage/status/mail/, I get this error message:

Your role does not have the necessary permissions to access this resource, please read more about organizational roles

Also, when I navigate to https://{SENTRY_URL}/manage/users/ I get this error message:

Something bad happened :frowning:

I was just trying to validate that SMTP was still working after making some other configuration changes.

We recently upgraded from 20.10.1 to 20.11.1 to 20.12.1.

And today, we updated the Organization Slug and Display Name.

By watching the docker-compose logs, I see this related event

web_1 | 21:53:41 [WARNING] django.request: Not Found: /api/0/organizations/manage/ (status_code=404 request=<WSGIRequest: GET ‘/api/0/organizations/manage/?detailed=0’>

And there’s a new event in the project internal.

Error *value/<(sentry/dist/app)
Permission Denied : /manage/status/mail/
INTERNAL-1 19 minutes ago — a month old

#2

Hi, are you able to share the link to that internal issue so we can investigate a bit more? This information is not enough to debug the issue.

#3

This Sentry on-premise deployment isn’t exposed to the public internet. What additional information can I provide that would be sufficient? I don’t see an issue export feature in the UI.

#4

Well, maybe a screenshot then? The stacktrace would be very useful.

#5

sentry_auth_issue_01
sentry_auth_issue_011420×1095 253 KB
sentry_auth_issue_02
sentry_auth_issue_021420×1095 277 KB
sentry_auth_issue_03
sentry_auth_issue_031420×1095 173 KB
sentry_auth_issue_04
sentry_auth_issue_041420×1095 117 KB
sentry_auth_issue_05
sentry_auth_issue_051420×1095 145 KB
sentry_auth_issue_06
sentry_auth_issue_061420×1095 144 KB

#6

Do these screenshots help?

#7

Yeah, they do. So it indeed looks like the account you are using is not defined as “staff” which is required to see those pages. I bet this is a bug in our SSO implementation, forgetting about the high-level admin perms. Will need to dig more into this before I can say more tho.

#8

We have Google SSO
and even with “Owner” permission I can not open any of this admin settings page

https://sentry/manage/

https://sentry/manage/quotas/

Error > Your role does not have the necessary permissions to access this resource, please read more about organizational roles