path: root/integrations/cloud-authentication/metadata.yaml
blob: b7fb2370cd612cc8eafd007b80d595dd0b8a1a23 (plain)
# yamllint disable rule:line-length
---
- id: 'okta-authentication'
  meta:
    name: 'Okta SSO'
    link: 'https://netdata.cloud'
    categories:
      - auth
    icon_filename: 'okta.png'
  keywords:
    - sso
    - okta
    - okta-sso
  overview:
    authentication_description: "Integrate your organization's Okta account with Netdata to better manage your team's access controls to Netdata Cloud."
    authentication_limitations: ''
  setup:
    description: |
      ### Prerequisites
      - An Okta account
      - A Netdata Cloud account
      - Access to the Space as an **Admin**
      - The Space needs to be on a paid plan

      ### Setting up Okta
      Complete the following steps in the Okta Admin Portal:
      1. Click the **Applications** tab and choose **Browse App Catalogue**
      2. Find Netdata's preconfigured app for easy setup and click **Add Integration**
      3. Give the app, which will appear in your apps dashboard, your preferred **Application label** and click **Next** to move to the Sign-On options tab
      4. In **Sign-On Options**, all the values we expect are already filled in and no additional data is required
      5. Click **Done**. You can go back and edit any fields later if needed
      6. Go to the **Assignments** tab and enter the People or Group assignments as per your organization’s policies

      ### Netdata Configuration Steps
      1. Click on the Space settings cog (located above your profile icon)
      2. Click on the **Authentication** tab
      3. On the Okta SSO card, click on **Configure**
      4. Fill in the [required credentials](https://developer.okta.com/docs/guides/find-your-app-credentials/main/), which you get from the **Okta Admin Portal**:
          - **Issuer URL**: available from your profile icon at the top, e.g. `https://company-name.okta.com`
          - **Client ID**: available in the **General** tab of the application you configured in Okta
          - **Client Secret**: available in the **General** tab of the application you configured in Okta

      ### Supported features
      * SP-initiated SSO (Single Sign-On)
      * IdP-initiated SSO

      ### SP-initiated SSO

      If you start your authentication flow from the Netdata sign-in page, please check [these steps](https://github.com/netdata/netdata/blob/master/docs/netdata-cloud/enterprise-sso-authentication.md#from-netdata-sign-up-page).

- id: 'oidc-authentication'
  meta:
    name: 'OIDC'
    link: 'https://netdata.cloud'
    categories:
      - auth
    icon_filename: 'openid.svg'
  keywords:
    - sso
    - oidc
  overview:
    authentication_description: "Integrate your organization's Authorization Servers with Netdata to better manage your team's access controls to Netdata Cloud."
    authentication_limitations: ''
  setup:
    description: |
      ### Prerequisites
      - An Authorization Server that supports the OIDC protocol
      - A Netdata Cloud account
      - Access to the Space as an **Admin**
      - The Space needs to be on a paid plan

      ### Setting up Authorization Server
      Your server should follow the [full specification for OIDC](https://openid.net/specs/openid-connect-core-1_0.html).
      To integrate your Authorization Server with Netdata, you need to create a client. Clients are applications and services that can request authentication of a user.
      The access settings for your client are the following:

      | field                    | value                                                 |
      | :--                      | :--                                                   |
      | Root URL                 | https://app.netdata.cloud/                            |
      | Home/Initiate login URL  | https://app.netdata.cloud/api/v2/auth/account/auth-server?iss={your-server-issuer-url}&redirect_uri=https://app.netdata.cloud/sign-in&register_uri=https://app.netdata.cloud/sign-up/verify  |
      | Redirect URL             | https://app.netdata.cloud/api/v2/auth/account/auth-server/callback  |

      ### Netdata Configuration Steps
      1. Click on the Space settings cog (located above your profile icon)
      2. Click on the **Authentication** tab
      3. On the OIDC card, click on **Configure**
      4. Fill in the required credentials:
          - **Issuer URL**: the Authorization Server Issuer URL, e.g. `https://my-auth-server.com/`
          - **Client ID**: the Client ID from the created client
          - **Client Secret**: the Client Secret from the created client
          - **Authorization URL**: the Authorization Server authorization URL, e.g. `https://my-auth-server.com/openid-connect/auth`
          - **Token URL**: the Authorization Server token URL, e.g. `https://my-auth-server.com/openid-connect/token`
          - **User URL**: the Authorization Server user info URL, e.g. `https://my-auth-server.com/openid-connect/userinfo`

      ### Supported features
      * SP-initiated SSO (Single Sign-On)
      * IdP-initiated SSO

      ### SP-initiated SSO

      If you start your authentication flow from the Netdata sign-in page, please check [these steps](https://github.com/netdata/netdata/blob/master/docs/netdata-cloud/enterprise-sso-authentication.md#from-netdata-sign-up-page).


      ### Reference
      https://openid.net/developers/how-connect-works/