SSO Login Service
Once installed Devtron has one built-in
adminuser with super-admin privileges that has complete access to the system. It is recommended to use
adminuser only for initial and global configuration and then switch to local users or configure SSO integration.
Only users with super-admin privileges have access to create SSO configuration. Devtron uses dex for authenticating a user against the identity provider.
To add/edit SSO configuration please go to the left main panel -> Select
Global Configurations-> Select
SSO Login Services
Dex implements connectors that target specific
identity providers, for each connector configuration user must have created account for the corresponding identity provider and registered an app for client key and secret. For examples see
Login as a user with super-admin privileges and go to
SSO Login Servicesand click on any
Identity Providerand fill the configuration.
Add valid devtron application
URLwhere it is hosted.
callback URLfrom which you have registered with the identity provider in the previous step along with the
client secretshared by the identity provider.
Only single SSO login configuration can be active at one time. Whenever you create or update any SSO config, it will be activated and used by the system and previous configurations will be deleted.
Except for the domain substring, URL and redirectURI should be the same as in the screenshots.
Saveto create and activate SSO login.
SSO configuration can be changed by the user at any later point in time by updating the configuration and clicking on the
Savebutton at the bottom right. In case of configuration change all users will be logged out of the system and will have to login again.
type: oidc or any platform name such as (google, gitlab, github etc)
name: identity provider platform name
id: identity provider platform unique id in string. (refer to dexidp.io)
config: user can put connector details into this key. platforms may not have same structure but commons are clientID, clientSecret, redirectURI.
hostedDomains: domains authorized for SSO login.