Devtron K8s Dashboard
  • Getting Started
    • Overview of Dashboard
    • Prerequisites
    • Install Modern Kubernetes Dashboard
  • User Guide
    • Explore Kubernetes Resources
      • Overview Page
      • Discover and Manage Resources
      • Nodes and Operations
      • Pod Management and Debugging
      • Cluster Terminal
      • Add Monitoring Dashboards/Graphs
      • Run Kubectl Commands Locally
    • Use Resource Watcher
    • Manage Helm Apps
    • Manage Argo CD Apps
    • Manage Flux CD Apps
    • Chart Store
      • Examples
        • Deploying MySQL Helm Chart
        • Deploying MongoDB Helm Chart
  • Operator Guide
    • Projects
    • Clusters
    • OCI Registry
    • Chart Repositories
    • Manage Authorization (RBAC)
      • SSO Login Services
        • Google
        • GitHub
        • GitLab
        • Microsoft
        • LDAP
        • OIDC
          • Keycloak
          • Okta
        • OpenShift
      • User Permissions
      • Permission Groups
      • API Tokens
    • External Links
    • Catalog Framework
    • Charts and Chart Store
    • Show/Hide Argo CD App Listing
    • Show/Hide Flux CD App Listing
    • Configure GUI Schema for Manifests
    • Configure Lock Schema for Manifests
  • Resources
    • Glossary
    • FAQ
Powered by GitBook
On this page
  • Create SSO Configuration
  • Update SSO Configuration
  • Configuration Payload
  • Next Steps
Export as PDF
  1. Operator Guide
  2. Manage Authorization (RBAC)

SSO Login Services

PreviousManage Authorization (RBAC)NextGoogle

Last updated 6 months ago

Once Devtron is installed, it has a built-in admin user with super-admin privileges having unrestricted access to all Devtron resources. We recommended to use this user only for initial and global configurations and then switch to local users or configure SSO-login.

Only users with privileges can configure the SSO. Devtron uses for authenticating a user against the identity provider.

Below are the SSO providers which are available in Devtron. Select one of the SSO providers (e.g., GitHub) to configure SSO:

Dex implements connectors that target specific identity providers for each connector configuration. You must have a created account for the corresponding identity provider and registered an app for client key and secret.

Refer the following documents for more detail.

  • https://dexidp.io/docs/connectors/

  • https://dexidp.io/docs/connectors/google/


Create SSO Configuration

Make sure that you have a .

  • From the left sidebar, go to Global Configurations → Authorization → SSO Login Services

  • Click any SSO Provider of your choice.

  • In the URL field, enter the valid Devtron application URL where it is hosted.

  • For providing redirectURI or callbackURI registered with the SSO provider, you can either select Configuration or Sample Script.

  • Provide the client ID and client Secret of your SSO provider (e.g. If you select Google as SSO provider, then you must enter $GOOGLE_CLIENT_ID and $GOOGLE_CLIENT_SECRET in the client ID and client Secret respectively.)

  • Select Save to create and activate SSO Login Service.

Note:

  • Only single SSO login configuration can be active at one time. Whenever you create or update any SSO configuration, it will be activated and used by Devtron and previous configurations will be deleted.

  • Except for the domain substring, URL and redirectURI remains same.

Update SSO Configuration

You can change SSO configuration anytime by updating the configuration and click Update. Note: In case of configuration change, all users will be logged out of Devtron and will have to login again.

Configuration Payload

  • type : Any platform name such as (Google, GitLab, GitHub etc.)

  • name : Identity provider platform name

  • config : User can put connector details for this key. Platforms may not have same structure but common configurations are clientID, clientSecret, redirectURI.

  • hostedDomains : Domains authorized for SSO login (e.g. gmail.com, devtron.ai)


Next Steps

id : Identity provider platform which is a unique ID in string. (Refer to

After configuring an SSO for authentication, you must in Devtron for them to be able to log in via SSO.

In case you have enabled auto-assign permissions in or , relevant must also exist in Devtron for a successful login.

dexidp.io
Dex
Google
GitHub
GitLab
Microsoft
LDAP
OpenID Connect
OpenShift
Microsoft
LDAP
super-admin
super admin access
add users
permission groups