Try Devtron Enterprise!
Start Free Trial
LogoLogo
WebsiteDevtron demoGithub RepoJoin Discord
v0.6
v0.6
  • Introduction
  • Getting Started
  • Install Devtron
    • Install Devtron with CI/CD
    • Install Devtron with CI/CD and GitOps (Argo CD)
    • Install Devtron without Integrations
    • Install Devtron on Minikube, Microk8s, K3s, Kind, Cloud VMs
    • Demo on Popular Cloud Providers
    • Backup for Disaster Recovery
    • Uninstall Devtron
    • FAQs
  • Devtron Kubernetes Client
  • Configurations
    • Installation Configurations
    • Override Configurations
    • Ingress Setup
  • Global Configurations
    • Host URL
    • GitOps
    • Projects
    • Clusters & Environments
    • Git Accounts
    • Container/OCI Registry
    • Chart Repositories
    • Custom Charts
    • Authorization
      • SSO Login Services
        • Google
        • GitHub
        • GitLab
        • Microsoft
        • LDAP
        • OIDC
        • OpenShift
        • Example - Okta SSO
      • User Permissions
      • Permission Groups
      • API Tokens
    • Notifications
    • External Links
    • Catalog Framework
    • Scoped Variables
    • Pull Image Digest
    • Tags Policy
    • Lock Deployment Configuration
    • Image Promotion Policy
    • Filter Condition
    • Build Infra
  • Devtron Upgrade
    • Update Devtron from Devtron UI
    • 0.5.x-0.6.x
    • 0.4.x-0.5.x
    • 0.4.x-0.4.x
    • 0.3.x-0.4.x
    • 0.3.x-0.3.x
    • 0.2.x-0.3.x
  • Usage
    • Applications
      • Create a New Application
      • Clone an Existing Application
      • Deploy a Sample Application
      • App Configuration
        • Git Repository
        • Build Configuration
        • Base Deployment Template
          • Deployment
          • Rollout Deployment
          • Job and Cronjob
          • StatefulSets
        • GitOps Configuration
        • Workflow Editor
          • CI Pipeline
            • Pre-Build/Post-Build Stages
            • Override Build Configuration
          • CI Pipeline (Legacy)
          • CD Pipeline
        • ConfigMaps
        • Secrets
          • External Secret Operator (ESO)
            • AWS Secrets Manager
            • Google Secrets Manager
            • HashiCorp Vault
        • Protect Configuration
        • Environment Overrides
        • Deleting Application
      • Build and Deploy
        • Triggering CI
        • Triggering CD
        • Rollback Deployment
      • App Details
        • Debugging Deployment And Monitoring
        • Using Ephemeral Containers
        • Application Metrics
      • Overview
    • Jobs
      • Create a new job
      • Configurations
      • Workflow Editor
      • Trigger Job
      • Overview
    • Application Groups
    • Resource Browser
    • Charts
      • Charts Overview
      • Deploy & Observe
      • Examples
        • Deploying Mysql Helm Chart
        • Deploying MongoDB Helm Chart
      • Chart Group
    • Security
      • Security Scans
      • Security Policies
    • Bulk Edit
    • Integrations
      • Build and Deploy (CI/CD)
      • GitOps (Argo CD)
      • Vulnerability Scanning (Clair)
      • Notifications
      • Monitoring (Grafana)
    • Pipeline Plugins
      • Codacy
      • Copy Container Image
      • Dependency track - Maven & Gradle
      • Dependency track - NodeJS
      • Dependency track - Python
      • K6 Load Testing
      • Semgrep
      • SonarQube
      • SonarQube v1.1.0
  • Resources
    • Glossary
    • Troubleshooting
    • Use Cases
      • Devtron Generic Helm Chart To Run CronJob Or One Time Job
      • Connect SpringBoot with Mysql Database
      • Connect Expressjs With Mongodb Database
      • Connect Django With Mysql Database
      • Pull Helm Charts from OCI Registry
    • Telemetry Overview
    • Devtron on Graviton
    • Release Notes
Powered by GitBook
On this page
  • Prerequisites
  • Tutorial
  • Steps on Okta Admin Console
  • Steps on Devtron
  • Sample Configuration

Was this helpful?

Export as PDF
  1. Global Configurations
  2. Authorization
  3. SSO Login Services

Example - Okta SSO

PreviousOpenShiftNextUser Permissions

Last updated 10 months ago

Was this helpful?

Prerequisites

A verified account on . Okta activates your account only if email verification is successful.

Here's a reference guide to set up your Okta org and application:

Tutorial

Steps on Okta Admin Console

Once your Okta org is set up, create an app integration on Okta to get a Client ID and Client Secret.

  1. In the Admin Console, go to Applications → Applications.

  2. Click Create App Integration.

  3. Select OIDC - OpenID Connect as the Sign-in method.

  1. Select Web as the application type and click Next.

  2. On the App Integration page:

    • Give a name to your application.

    • Select the Interaction Code and Refresh Token checkbox.

    • Now go to Devtron's Global Configurations → SSO Login Services → OIDC.

    • Copy the redirect URI given in the helper text (might look like: https://xxx.xxx.xxx/xxx/callback).

    • Return to the Okta screen, and remove the prefilled value in Sign-in redirect URIs.

    • Paste the copied URI in Sign-in redirect URIs.

    • Click Save.

  3. On the General tab:

    • Note the Client ID value.

    • Click the Edit option.

    • In Client Authentication, choose Client Secret.

    • Click Save.

    • Click Generate new secret.

    • Note the Client Secret value.

Steps on Devtron

  1. Go to the Global Configurations → SSO Login Services → OIDC.

  2. In the URL field, enter the Devtron application URL (a valid https link) where it is hosted.

  3. Under Configuration tab, locate the config object, and provide the clientID and clientSecret of the app integration you created on Okta.

  4. Provide issuer value as https://${yourOktaDomain}. Replace ${yourOktaDomain} with your domain on Okta as shown in the video.

  5. For providing redirectURI or callbackURI registered with the SSO provider, you can either select Configuration or Sample Script. Note that the redirect URI is already given in the helper text (as seen in the previous section).

  6. Click Save to create and activate Okta SSO login.

Now your users will be able to log in to Devtron using the Okta authentication method. Note that existing signed-in users will be logged out and they have to log in again using their OIDC account.

Sample Configuration

OIDC stands for OpenID Connect. to read more.

Add a key insecureSkipEmailVerified: true. Note that this key is only required for Okta SSO. For other types of OIDC SSO, refer .

Click here
OIDC supported configurations
Okta
Link