diff --git a/_docs/administration/single-sign-on/sso-ldap.md b/_docs/administration/single-sign-on/sso-ldap.md index c3d4369ee..53bbc1ae3 100644 --- a/_docs/administration/single-sign-on/sso-ldap.md +++ b/_docs/administration/single-sign-on/sso-ldap.md @@ -12,13 +12,19 @@ To configure SSO for LDAP in Codefresh, you need to first create a user on your this user is an LDAP admin. Make sure also that you know the scope of the search, that is, where users to search for are located in the LDAP hierarchy. + +To configure SSO for LDAP in Codefresh, you need to first create a user on your LDAP server who has permissions to search other users. Usually, +this user is an LDAP admin. +Make sure also that you know the scope of the search, that is, where users to search for are located in the LDAP hierarchy. + +## Step 1: Configure SSO settings for LDAP in Codefresh 1. In the Codefresh UI, go to [Single Sign-On](https://g.codefresh.io/2.0/account-settings/single-sign-on){:target="\_blank"}. 1. Select **+ Add Single Sign-On**, **LDAP**, and then **Next**. {% include image.html lightbox="true" - file="/images/administration/sso/ldap/sso-csdp-ldap.png" - url="/images/administration/sso/ldap/sso-csdp-ldap.png" + file="/images/sso/ldap/sso-csdp-ldap.png" + url="/images/sso/ldap/sso-csdp-ldap.png" alt="SSO settings for LDAP in Codefresh" caption="SSO settings for LDAP in Codefresh" max-width="30%" 
@@ -32,13 +38,34 @@ Make sure also that you know the scope of the search, that is, where users to se * **LDAP Server URL**: Codefresh supports both `ldap` and `ldaps` protocols. For `ldaps`, you also need a certificate. * **Distinguished name**: The username to be used to search other users in LDAP notation (combination of `cn`, `ou`,`dc`). * **Search base**: The search-user scope in LDAP notation. - * **Search filter**: The attribute by which the user will be searched on the LDAP server. By default, set to `uid`. For the Azure LDAP server, set this field to `sAMAccountName`. - * **Certificate**: The security certificate of the LDAP server for `ldaps` only. Paste the value directly on the field. Do not convert to base64 or any other encoding by hand. Leave the field empty if you use `ldap`. + * **Search filter**: The attribute by which to search for the user on the LDAP server. By default, set to `uid`. For the Azure LDAP server, set this field to `sAMAccountName`. + * **Certificate**: + * For `ldaps`: The security certificate of the LDAP server. Paste the value directly on the field. Do not convert to base64 or any other encoding by hand. + * For `ldap`: Leave the field empty. + * **Allowed groups for sync**: + * To sync _only by specified groups_, select the option, and define the groups for which to sync teams. + * To sync by _all groups_ in the directory defined by **Search base**, leave the field empty. + * **Search base for sync**: + * To synchronize using a custom search base, define the search base. + * To find entries for synchronization within the scope defined by **Search base**, leave the field empty. {:start="4"} -1. Select **+ Add**. LDAP users can log in to Codefresh. +1. Select **+ Add**. LDAP users can now log in to Codefresh. >Each user who logs in to Codefresh must: 1. Have a defined email address on the LDAP server 1. Use the same email address as defined on the LDAP server 1. 
Use as login information, the LDAP email, password, and `cn` value of username + +## Step 2: Synchronize teams with LDAP +Synchronize teams in Codefresh with LDAP using the Codefresh CLI. + +>Team synchronization is implemented based on the SSO options configured for LDAP in Codefresh. + +* Run the synchronize teams command: + `codefresh synchronize teams --client-type ldap` + + where: + is the Client Name that you either defined or is auto-generated by Codefresh in the LDAP SSO settings. For example, `KK5XhWAx90rw`. + + diff --git a/images/sso/ldap/sso-csdp-ldap.png b/images/sso/ldap/sso-csdp-ldap.png new file mode 100644 index 000000000..4560eece6 Binary files /dev/null and b/images/sso/ldap/sso-csdp-ldap.png differ
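Review bot: the three `+` lines at the top of the first hunk re-add the intro paragraph ("To configure SSO for LDAP in Codefresh, you need to first create a user ... Make sure also that you know the scope of the search ...") while the original copy of that paragraph stays in the unchanged context just above, so the rendered page will show it twice; either drop the new lines or turn the original ones into `-` lines. While that paragraph is being touched, "Usually, this user is an LDAP admin" reads as a recommendation to bind with an administrative account, although the account only needs search rights within the **Search base**; consider wording it as a dedicated read-only service account with search permission. The image path is also moved to `/images/sso/ldap/sso-csdp-ldap.png`, which the new binary file matches, but nothing in the diff removes the old `/images/administration/sso/ldap/` copy if it exists.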
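Review bot: in the second hunk the `codefresh synchronize teams --client-type ldap` line and the "where: is the Client Name ..." explanation below it have both lost the placeholder for the client name (most likely an angle-bracket token that the Markdown renderer treated as an HTML tag), so as written the reader cannot tell where a value such as `KK5XhWAx90rw` goes. Escape the placeholder in both places (backticks or `&lt;`/`&gt;`) so the command and its description render. The callout "Team synchronization is implemented based on the SSO options configured for LDAP" would also be more useful if it named the fields that drive it, **Allowed groups for sync** and **Search base for sync**, since those are the settings this hunk introduces and the reader needs that link.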