Try Devtron Enterprise!
Start Free Trial
LogoLogo
WebsiteDevtron demoGithub RepoJoin Discord
main
main
  • Introduction
  • Getting Started
  • Install Devtron
    • Install Devtron with CI/CD
    • Install Devtron with CI/CD and GitOps (Argo CD)
    • Install Devtron without Integrations
    • Install Devtron on Minikube, Microk8s, K3s, Kind, Cloud VMs
    • Install Devtron on Airgapped Environment
    • Demo on Popular Cloud Providers
    • Backup for Disaster Recovery
    • Uninstall Devtron
    • FAQs
  • Install Devtron Enterprise Trial
  • Devtron Kubernetes Client
  • Configurations
    • Installation Configurations
    • Override Configurations
    • Ingress Setup
  • Global Configurations
    • Host URL
    • GitOps
    • Projects
    • Clusters & Environments
    • Git Accounts
    • Container/OCI Registry
    • Chart Repositories
    • Deployment Charts
    • Authorization
      • SSO Login Services
        • Google
        • GitHub
        • GitLab
        • Microsoft
        • LDAP
        • OIDC
          • Keycloak
          • Okta
        • OpenShift
      • User Permissions
      • Permission Groups
      • API Tokens
    • Notifications
    • Deployment Window
    • Approval Policy
    • External Links
    • Catalog Framework
    • Scoped Variables
    • Plugin Policy
    • Pull Image Digest
    • Tags Policy
    • Filter Condition
    • Lock Deployment Configuration
    • Image Promotion Policy
    • Build Infra
  • Devtron Upgrade
    • Update Devtron from Devtron UI
    • Upgrade to 1.5.0
    • 0.6.x-0.7.x
    • 0.5.x-0.6.x
    • 0.4.x-0.5.x
    • 0.4.x-0.4.x
    • 0.3.x-0.4.x
    • 0.3.x-0.3.x
    • 0.2.x-0.3.x
  • Usage
    • Applications
      • Create a New Application
      • Clone an Existing Application
      • Deploy a Sample Application
      • App Configuration
        • Git Repository
        • Build Configuration
        • Base Deployment Template
          • Deployment
          • Rollout Deployment
          • Job and Cronjob
          • StatefulSets
        • GitOps Configuration
        • Workflow Editor
          • CI Pipeline
            • Pre-Build/Post-Build Stages
            • Override Build Configuration
          • CD Pipeline
        • ConfigMaps
        • Secrets
          • External Secret Operator (ESO)
            • AWS Secrets Manager
            • Google Secrets Manager
            • HashiCorp Vault
        • Environment Overrides
        • Deleting Application
      • Build and Deploy
        • Triggering CI
        • Triggering CD
        • Rollback Deployment
        • Applying Labels to Images
      • App Details
        • Debugging Deployment And Monitoring
        • Using Ephemeral Containers
        • Application Metrics
      • Application Overview
    • Jobs
      • Create a new job
      • Configurations
      • Workflow Editor
      • Trigger Job
      • Overview
    • Application Groups
    • Software Distribution Hub
      • Tenants
      • Release Hub
    • Resource Browser
    • Resource Watcher
    • Charts
      • Charts Overview
      • Deploy & Observe
      • Examples
        • Deploying Mysql Helm Chart
        • Deploying MongoDB Helm Chart
      • Chart Group
    • Security
      • Security Scans
      • Security Policies
    • Bulk Edit
    • Integrations
      • Build and Deploy (CI/CD)
      • GitOps (Argo CD)
      • Vulnerability Scanning (Clair)
      • Notifications
      • Monitoring (Grafana)
    • Pipeline Plugins
      • Create Your Plugin
      • Our Plugins
        • Ansible Runner
        • Bitbucket Runner Trigger
        • Codacy
        • Code-Scan
        • Copacetic
        • Container Image Exporter
        • Copy Container Image
        • Cosign
        • CraneCopy
        • Dependency track - Maven & Gradle
        • Dependency track - NodeJS
        • Dependency track - Python
        • Devtron CD Trigger
        • Devtron CI Trigger
        • Devtron Job Trigger
        • DockerSlim
        • EKS Create Cluster
        • GCS Create Bucket
        • GitHub Pull Request Updater
        • GKE Provisioner
        • GoLang-migrate
        • Jenkins
        • Jira Issue Validator
        • Jira Issue Updater
        • K6 Load Testing
        • Pull images from container repository
        • Semgrep
        • SonarQube
        • SonarQube v1.1.0
        • Terraform CLI
        • Vulnerability Scanning
  • Resources
    • Glossary
    • Troubleshooting
    • Use Cases
      • Devtron Generic Helm Chart To Run CronJob Or One Time Job
      • Connect SpringBoot with Mysql Database
      • Connect Expressjs With Mongodb Database
      • Connect Django With Mysql Database
      • Pull Helm Charts from OCI Registry
    • Telemetry Overview
    • Devtron on Graviton
    • Release Notes
Powered by GitBook
On this page
  • Introduction
  • Prerequisites
  • Get the Redirect URI from Devtron
  • Configure OAuth in Google Cloud Console
  • To set up OAuth, follow these steps:
  • Configure Google SSO in Devtron
  • Configuration
  • Important: Enable User Access After SSO Setup
  • Reference

Was this helpful?

Export as PDF
  1. Global Configurations
  2. Authorization
  3. SSO Login Services

Google

PreviousSSO Login ServicesNextGitHub

Last updated 2 months ago

Was this helpful?

Introduction

Integrating Google as your Single Sign-On (SSO) provider enables users to authenticate with their Google accounts, ensuring secure and streamlined access to Devtron. This document walks you through setting up Google SSO in Devtron, ensuring users can log in smoothly.

Prerequisites

To configure Google SSO in Devtron, you will need:

  • Super Admin permissions

    • Only a can configure SSO. If you are setting up SSO for the first time, use instead.

  • A Google Cloud account to create and manage OAuth credentials. If you don’t have one, you must create it at the .

Get the Redirect URI from Devtron

Before configuring Google as an SSO provider,

  • Ensure that the is correctly configured in Devtron. This is crucial because the Redirect URI is generated based on the Host URL.

  • You need to retrieve the Redirect URI from Devtron, which will be required in Google Cloud while setting up OAuth credentials.

    • Log in to Devtron.

    • Navigate to Global Configurations → SSO Login Services.

    • Select Google as the authentication provider.

    • Enter the Host URL in the URL field. (This is essential to generate the correct Redirect URI.)

    • Copy the Redirect URI displayed in this section. You will need to enter this in Google Cloud.

Configure OAuth in Google Cloud Console

The next step is to configure OAuth credentials in Google Cloud Console. This involves creating a Google OAuth Client ID and Client Secret, which will be used in Devtron for authentication.

To set up OAuth, follow these steps:

  • Navigate to APIs & Services → OAuth Consent Screen and configure the required details as shown on the screen.

  • In APIs & Services → Credentials, create a new OAuth Client ID:

    • Select 'Web application' as the application type.

    • Paste the Redirect URI (copied from Devtron) under Authorized Redirect URIs.

  • Click Create to generate the Client ID and Client Secret.

Google SSO Requires a Valid Domain with HTTPS

Examples of valid URIs:

✅ https://devtron.example.com/api/dex/callback

✅ https://auth.yourcompany.com/callback

Examples of invalid URIs:

❌ http://localhost:8080/callback

❌ http://192.168.1.10/callback

You can see a new client ID is created in the APIs & Services → Credentials, under OAuth 2.0 Client IDs section. To obtain Client ID and Client Secret, click on the name (devtron-sso in our case) of the OAuth 2.0 Client IDs

Copy the Client ID and Client Secret, as they will be required in Devtron’s SSO configuration.

Configure Google SSO in Devtron

The next step is to configure Devtron to use these credentials for authentication. For this, navigate back to Global Configurations → SSO Login Services, here you can already find a configuration template.

Configuration

In the configuration,

  • Enter the OAuth Credentials:

    • Paste the Client ID obtained from Google Cloud in the clientID field.

    • Paste the Client Secret obtained from Google Cloud in the clientSecret field.

  • Configure Hosted Domains (Optional):

    • If you want to restrict authentication to specific domains (e.g., only users from company.com can log in), add these under hostedDomains in Devtron.

    • If you want to allow all users with any valid Google account, remove the entire hostedDomains section from the configuration.

  • Enter the Redirect URI:

    • Copy the Redirect URI displayed in Devtron and paste the value in the redirectURI field.

  • Click Update to save the configuration, once saved, Google SSO is successfully configured

Although Google SSO is now set up, users will not be able to sign in unless they are explicitly added to Devtron with the necessary permissions.

Important: Enable User Access After SSO Setup

To ensure users can log in:

  • Go to Global Configurations → Authorization → User Permissions.

  • Click Add User.

  • Enter their email (matching their Google account).

  • Assign the required role.

  • Click Save to complete the setup.

Once saved, Devtron will use Google OAuth for authentication, allowing users to log in using their Google accounts.

Reference

Figure 1: Get the Redirect URI

Access and create a new project or select an existing one.

Google does not support IP addresses as valid redirect URIs. You must use a valid domain name () accessible over HTTPS.

Figure 2a: Creating OAuth Client
Figure 2b: Client ID Created
Figure 2c: Get the Client ID and Client Secret

For a detailed step-by-step guide, refer to Google’s official documentation: .

Figure 3: Configuring SSO in Devtron
Figure 4a: Configuring User Permissions
Figure 4b: Adding User with required permissions

For detailed steps on managing user permissions, refer to the .

Super-Admin
Admin Credentials
Google Cloud Console
Host URL
Google Cloud Console
FQDN
Get Google API Client ID
User Permissions Documentation
View Google Documentation
View Dex IdP Documentation