Try Devtron Enterprise!
Start Free Trial
LogoLogo
WebsiteDevtron demoGithub RepoJoin Discord
v0.6
v0.6
  • Introduction
  • Getting Started
  • Install Devtron
    • Install Devtron with CI/CD
    • Install Devtron with CI/CD and GitOps (Argo CD)
    • Install Devtron without Integrations
    • Install Devtron on Minikube, Microk8s, K3s, Kind, Cloud VMs
    • Demo on Popular Cloud Providers
    • Backup for Disaster Recovery
    • Uninstall Devtron
    • FAQs
  • Devtron Kubernetes Client
  • Configurations
    • Installation Configurations
    • Override Configurations
    • Ingress Setup
  • Global Configurations
    • Host URL
    • GitOps
    • Projects
    • Clusters & Environments
    • Git Accounts
    • Container/OCI Registry
    • Chart Repositories
    • Custom Charts
    • Authorization
      • SSO Login Services
        • Google
        • GitHub
        • GitLab
        • Microsoft
        • LDAP
        • OIDC
        • OpenShift
        • Example - Okta SSO
      • User Permissions
      • Permission Groups
      • API Tokens
    • Notifications
    • External Links
    • Catalog Framework
    • Scoped Variables
    • Pull Image Digest
    • Tags Policy
    • Lock Deployment Configuration
    • Image Promotion Policy
    • Filter Condition
    • Build Infra
  • Devtron Upgrade
    • Update Devtron from Devtron UI
    • 0.5.x-0.6.x
    • 0.4.x-0.5.x
    • 0.4.x-0.4.x
    • 0.3.x-0.4.x
    • 0.3.x-0.3.x
    • 0.2.x-0.3.x
  • Usage
    • Applications
      • Create a New Application
      • Clone an Existing Application
      • Deploy a Sample Application
      • App Configuration
        • Git Repository
        • Build Configuration
        • Base Deployment Template
          • Deployment
          • Rollout Deployment
          • Job and Cronjob
          • StatefulSets
        • GitOps Configuration
        • Workflow Editor
          • CI Pipeline
            • Pre-Build/Post-Build Stages
            • Override Build Configuration
          • CI Pipeline (Legacy)
          • CD Pipeline
        • ConfigMaps
        • Secrets
          • External Secret Operator (ESO)
            • AWS Secrets Manager
            • Google Secrets Manager
            • HashiCorp Vault
        • Protect Configuration
        • Environment Overrides
        • Deleting Application
      • Build and Deploy
        • Triggering CI
        • Triggering CD
        • Rollback Deployment
      • App Details
        • Debugging Deployment And Monitoring
        • Using Ephemeral Containers
        • Application Metrics
      • Overview
    • Jobs
      • Create a new job
      • Configurations
      • Workflow Editor
      • Trigger Job
      • Overview
    • Application Groups
    • Resource Browser
    • Charts
      • Charts Overview
      • Deploy & Observe
      • Examples
        • Deploying Mysql Helm Chart
        • Deploying MongoDB Helm Chart
      • Chart Group
    • Security
      • Security Scans
      • Security Policies
    • Bulk Edit
    • Integrations
      • Build and Deploy (CI/CD)
      • GitOps (Argo CD)
      • Vulnerability Scanning (Clair)
      • Notifications
      • Monitoring (Grafana)
    • Pipeline Plugins
      • Codacy
      • Copy Container Image
      • Dependency track - Maven & Gradle
      • Dependency track - NodeJS
      • Dependency track - Python
      • K6 Load Testing
      • Semgrep
      • SonarQube
      • SonarQube v1.1.0
  • Resources
    • Glossary
    • Troubleshooting
    • Use Cases
      • Devtron Generic Helm Chart To Run CronJob Or One Time Job
      • Connect SpringBoot with Mysql Database
      • Connect Expressjs With Mongodb Database
      • Connect Django With Mysql Database
      • Pull Helm Charts from OCI Registry
    • Telemetry Overview
    • Devtron on Graviton
    • Release Notes
Powered by GitBook
On this page
  • Supported SSO Providers
  • 1. Create new SSO Configuration
  • 2. Update SSO Configuration
  • 3. Configuration Payload
  • Next Steps

Was this helpful?

Export as PDF
  1. Global Configurations
  2. Authorization

SSO Login Services

PreviousAuthorizationNextGoogle

Last updated 10 months ago

Was this helpful?

Once Devtron is installed, it has a built-in admin user with super admin privileges with unrestricted access to all Devtron resources. We recommended to use a user with super admin privileges for initial and global configurations only and then switch to local users or configure SSO integration.

Only users with privileges can create SSO configuration. Devtron uses for authenticating a user against the identity provider.

To add/edit SSO configuration, go to the SSO Login Services section of Global Configurations.

Supported SSO Providers

Below are the SSO providers which are available in Devtron. Select one of the SSO providers (e.g., GitHub) to configure SSO:

Dex implements connectors that target specific identity providers for each connector configuration. You must have a created account for the corresponding identity provider and registered an app for client key and secret.

Refer the following documents for more detail.

  • https://dexidp.io/docs/connectors/

  • https://dexidp.io/docs/connectors/google/

1. Create new SSO Configuration

Make sure that you have a .

  • Go to the Global Configurations → SSO Login Services and click any SSO Provider of your choice.

  • In the URL field, enter the valid Devtron application URL where it is hosted.

  • For providing redirectURI or callbackURI registered with the SSO provider, you can either select Configuration or Sample Script.

  • Provide the client ID and client Secret of your SSO provider (e.g. If you select Google as SSO provider, then you must enter $GOOGLE_CLIENT_ID and $GOOGLE_CLIENT_SECRET in the client ID and client Secret respectively.)

  • Select Save to create and activate SSO Login Service.

Note:

  • Only single SSO login configuration can be active at one time. Whenever you create or update any SSO configuration, it will be activated and used by Devtron and previous configurations will be deleted.

  • Except for the domain substring, URL and redirectURI remains same.

2. Update SSO Configuration

You can change SSO configuration anytime by updating the configuration and click Update. Note: In case of configuration change, all users will be logged out of Devtron and will have to login again.

3. Configuration Payload

  • type : Any platform name such as (Google, GitLab, GitHub etc.)

  • name : Identity provider platform name

  • config : User can put connector details for this key. Platforms may not have same structure but common configurations are clientID, clientSecret, redirectURI.

  • hostedDomains : Domains authorized for SSO login.


Next Steps

id : Identity provider platform which is a unique ID in string. (Refer to

After configuring an SSO for authentication, you need to in Devtron, else your users won't be able to log in via SSO.

In case you have enabled auto-assign permissions in or , relevant must also exist in Devtron for a successful login.

dexidp.io
add users
Dex
Google
GitHub
GitLab
Microsoft
LDAP
OpenID Connect
OpenShift
Microsoft
LDAP
super-admin
super admin access
permission groups