Keptn Homepage
Keptn v1 reached EOL December 22, 2023. For more information see https://bit.ly/keptn

Home / Keptn v1 Docs / Release 0.17.x / Operate Keptn / User Management / Microsoft

Microsoft

These instructions will take you through the process of getting your Keptn authenticating with Microsoft. You will create a client within Microsoft and configure Keptn to use Microsoft for authentication.

To set up SSO via OpenID with Microsoft, you have to register an application in order to get a client id, client secret, and a discovery endpoint.

Keptn Bridge

Set the following environment variables when installing Keptn:

bridge:
  ...
  oauth:
    enabled: true
    discovery: "https://login.microsoftonline.com/<directory_tenant_id>/v2.0/.well-known/openid-configuration"
    secureCookie: true
    baseUrl: <base_url>
    clientID: <client_id>
    clientSecret: <client_secret>
    scope: "email"

Note: It is also possible to directly change the Deployment manifest of an existing Keptn installation. After entering the new environment values, the Bridge pod has to be restarted.

OAUTH_ENABLED: "true"
OAUTH_DISCOVERY: "https://login.microsoftonline.com/<directory_tenant_id>/v2.0/.well-known/openid-configuration"
SECURE_COOKIE: "true"
OAUTH_BASE_URL: <base_url>
OAUTH_CLIENT_ID: <client_id>
OAUTH_CLIENT_SECRET: <client_secret>
OAUTH_SCOPE: "email"

When accessing the Bridge, the user is redirected to the identity provider.

Accessing bridge without being logged in
Accessing bridge without being logged in
Entering user credentials
Entering user credentials

After the user successfully logs in with Microsoft credentials, the user is redirected back to the Bridge. Once redirected, the Bridge server fetches the user tokens and creates a session. The user is now successfully logged in.

User is logged in
User is logged in

Keptn CLI

The keptn auth command provides several command line flags that can be used to set up the CLI to use an SSO via OpenID Connect:

keptn auth --oauth --oauth-discovery https://login.microsoftonline.com/<directory_tenant_id>/v2.0/.well-known/openid-configuration --oauth-client-id <client_id> --oauth-client-secret <client_secret> --endpoint <keptn_endpoint> --api-token <keptn_api_token>

After executing the keptn auth command, a Browser window should open asking you to confirm the login using your credentials. If everything went well, you are redirected to an HTML page that confirms that the login was successful.

If you want to opt out from using SSO, simply execute keptn auth --oauth-logout.

Overview

OpenID Session Secrets

Back to top

Sitemap

Resources

Community

Keptn Homepage Keptn Homepage Keptn Keptn Homepage

Keptn is a CNCF Incubating Project. Initially created by Dynatrace in 2019.

© 2023 The Keptn Authors | Documentation Distributed under CC-BY-4.0
© 2023 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page.

This website is powered by Netlify