Try Devtron Enterprise!
Start Free Trial
LogoLogo
WebsiteDevtron demoGithub RepoJoin Discord
v0.6
v0.6
  • Introduction
  • Getting Started
  • Install Devtron
    • Install Devtron with CI/CD
    • Install Devtron with CI/CD and GitOps (Argo CD)
    • Install Devtron without Integrations
    • Install Devtron on Minikube, Microk8s, K3s, Kind, Cloud VMs
    • Demo on Popular Cloud Providers
    • Backup for Disaster Recovery
    • Uninstall Devtron
    • FAQs
  • Devtron Kubernetes Client
  • Configurations
    • Installation Configurations
    • Override Configurations
    • Ingress Setup
  • Global Configurations
    • Host URL
    • GitOps
    • Projects
    • Clusters & Environments
    • Git Accounts
    • Container/OCI Registry
    • Chart Repositories
    • Custom Charts
    • Authorization
      • SSO Login Services
        • Google
        • GitHub
        • GitLab
        • Microsoft
        • LDAP
        • OIDC
        • OpenShift
        • Example - Okta SSO
      • User Permissions
      • Permission Groups
      • API Tokens
    • Notifications
    • External Links
    • Catalog Framework
    • Scoped Variables
    • Pull Image Digest
    • Tags Policy
    • Lock Deployment Configuration
    • Image Promotion Policy
    • Filter Condition
    • Build Infra
  • Devtron Upgrade
    • Update Devtron from Devtron UI
    • 0.5.x-0.6.x
    • 0.4.x-0.5.x
    • 0.4.x-0.4.x
    • 0.3.x-0.4.x
    • 0.3.x-0.3.x
    • 0.2.x-0.3.x
  • Usage
    • Applications
      • Create a New Application
      • Clone an Existing Application
      • Deploy a Sample Application
      • App Configuration
        • Git Repository
        • Build Configuration
        • Base Deployment Template
          • Deployment
          • Rollout Deployment
          • Job and Cronjob
          • StatefulSets
        • GitOps Configuration
        • Workflow Editor
          • CI Pipeline
            • Pre-Build/Post-Build Stages
            • Override Build Configuration
          • CI Pipeline (Legacy)
          • CD Pipeline
        • ConfigMaps
        • Secrets
          • External Secret Operator (ESO)
            • AWS Secrets Manager
            • Google Secrets Manager
            • HashiCorp Vault
        • Protect Configuration
        • Environment Overrides
        • Deleting Application
      • Build and Deploy
        • Triggering CI
        • Triggering CD
        • Rollback Deployment
      • App Details
        • Debugging Deployment And Monitoring
        • Using Ephemeral Containers
        • Application Metrics
      • Overview
    • Jobs
      • Create a new job
      • Configurations
      • Workflow Editor
      • Trigger Job
      • Overview
    • Application Groups
    • Resource Browser
    • Charts
      • Charts Overview
      • Deploy & Observe
      • Examples
        • Deploying Mysql Helm Chart
        • Deploying MongoDB Helm Chart
      • Chart Group
    • Security
      • Security Scans
      • Security Policies
    • Bulk Edit
    • Integrations
      • Build and Deploy (CI/CD)
      • GitOps (Argo CD)
      • Vulnerability Scanning (Clair)
      • Notifications
      • Monitoring (Grafana)
    • Pipeline Plugins
      • Codacy
      • Copy Container Image
      • Dependency track - Maven & Gradle
      • Dependency track - NodeJS
      • Dependency track - Python
      • K6 Load Testing
      • Semgrep
      • SonarQube
      • SonarQube v1.1.0
  • Resources
    • Glossary
    • Troubleshooting
    • Use Cases
      • Devtron Generic Helm Chart To Run CronJob Or One Time Job
      • Connect SpringBoot with Mysql Database
      • Connect Expressjs With Mongodb Database
      • Connect Django With Mysql Database
      • Pull Helm Charts from OCI Registry
    • Telemetry Overview
    • Devtron on Graviton
    • Release Notes
Powered by GitBook
On this page
  • Sample Configuration
  • Values You Would Require at SSO Provider
  • Values to Fetch
  • Values to Provide
  • Reference
  • Auto-assign Permissions

Was this helpful?

Export as PDF
  1. Global Configurations
  2. Authorization
  3. SSO Login Services

Microsoft

PreviousGitLabNextLDAP

Last updated 10 months ago

Was this helpful?

Sample Configuration


Values You Would Require at SSO Provider

Devtron provides a sample configuration out of the box. There are some values that you need to either get from your SSO provider or give to your SSO provider.

Values to Fetch

  • clientID

  • tenantID (required only if you want to use Azure AD for auto-assigning permissions)

  • clientSecret

Values to Provide

  • redirectURI (provided in SSO Login Services by Devtron)


Reference


Make sure to add tenantID in the SSO configuration field without fail.

SSO login requires exact matching between Devtron permission group names and AD groups. Any discrepancies or missing groups will prevent successful login.

If your AD permissions aren't reflecting in Devtron, a quick sign-out and sign-in can resolve the issue.

Fetching Client ID and Tenant ID
Fetching Secret
Copying Redirect URI from Devtron
Pasting Redirect URI

Auto-assign Permissions

Since Microsoft supports , this feature further simplifies the onboarding process of organizations having a large headcount of users. It also eliminates repetitive permission assignment by automatically mapping your Azure AD groups to Devtron's during single sign-on (SSO) login.

Enabling Permission Auto-assignment

If you've defined groups in your Active Directory, you can create corresponding permission groups in Devtron with the same names. When members of those Active Directory groups first log in to Devtron, they'll automatically inherit the permissions from their Devtron permission group. This means you can't manually adjust or add mapped to a permission group.

Once you save the configuration with this feature enabled, existing user permissions will be cleared and the future permissions will be managed through linked to Azure Active Directory (Microsoft Entra ID) groups.

View Microsoft Documentation
View Dex IdP Documentation
Active Directory (AD)
Permission Groups
individual permissions for users
permission groups