Devtron K8s Dashboard
  • Getting Started
    • Overview of Dashboard
    • Prerequisites
    • Install Modern Kubernetes Dashboard
  • User Guide
    • Explore Kubernetes Resources
      • Overview Page
      • Discover and Manage Resources
      • Nodes and Operations
      • Pod Management and Debugging
      • Cluster Terminal
      • Add Monitoring Dashboards/Graphs
      • Run Kubectl Commands Locally
    • Use Resource Watcher
    • Manage Helm Apps
    • Manage Argo CD Apps
    • Manage Flux CD Apps
    • Chart Store
      • Examples
        • Deploying MySQL Helm Chart
        • Deploying MongoDB Helm Chart
  • Operator Guide
    • Projects
    • Clusters
    • OCI Registry
    • Chart Repositories
    • Manage Authorization (RBAC)
      • SSO Login Services
        • Google
        • GitHub
        • GitLab
        • Microsoft
        • LDAP
        • OIDC
          • Keycloak
          • Okta
        • OpenShift
      • User Permissions
      • Permission Groups
      • API Tokens
    • External Links
    • Catalog Framework
    • Charts and Chart Store
    • Show/Hide Argo CD App Listing
    • Show/Hide Flux CD App Listing
    • Configure GUI Schema for Manifests
    • Configure Lock Schema for Manifests
  • Resources
    • Glossary
    • FAQ
Powered by GitBook
On this page
  • Sample Configuration
  • Values You Would Require at SSO Provider
  • Values to Fetch
  • Values to Provide
  • Reference
  • Auto-assign Permissions
Export as PDF
  1. Operator Guide
  2. Manage Authorization (RBAC)
  3. SSO Login Services

Microsoft

PreviousGitLabNextLDAP

Last updated 6 months ago

Sample Configuration

Values You Would Require at SSO Provider

Devtron provides a sample configuration out of the box. There are some values that you need to either get from your SSO provider or give to your SSO provider.

Values to Fetch

  • clientID

  • tenantID (required only if you want to use Azure AD for auto-assigning permissions)

  • clientSecret

Values to Provide

  • redirectURI (provided in SSO Login Services by Devtron)

Reference

Make sure to add tenantID in the SSO configuration field without fail.

SSO login requires exact matching between Devtron permission group names and AD groups. Any discrepancies or missing groups will prevent successful login.

If your AD permissions aren't reflecting in Devtron, a quick sign-out and sign-in can resolve the issue.

Fetching Client ID and Tenant ID
Fetching Secret
Copying Redirect URI from Devtron
Pasting Redirect URI

Auto-assign Permissions

Since Microsoft supports , this feature further simplifies the onboarding process of organizations having a large headcount of users. It also eliminates repetitive permission assignment by automatically mapping your Azure AD groups to Devtron's during single sign-on (SSO) login.

Enabling Permission Auto-assignment

If you've defined groups in your Active Directory, you can create corresponding permission groups in Devtron with the same names. When members of those Active Directory groups first log in to Devtron, they'll automatically inherit the permissions from their Devtron permission group. This means you can't manually adjust or add mapped to a permission group.

Once you save the configuration with this feature enabled, existing user permissions will be cleared and the future permissions will be managed through linked to Azure Active Directory (Microsoft Entra ID) groups.

View Microsoft Documentation
View Dex IdP Documentation
Active Directory (AD)
Permission Groups
individual permissions for users
permission groups