Identity provider-based authentication
ENTERPRISE
Configuring identity provider-based authentication
To provide Single Sign-On (SSO) in your organization, you can configure DC/OS Enterprise to authenticate users against one or more external user identity providers (IdP). In contrast to directory-based authentication, identity provider-based authentication is not as rich (less information is available) but is more flexible for individual users.
When a user attempts to log on from the DC/OS web interface, they will be presented with a list of the third-party identity providers that you have configured. They can click the one that they have an account with for SSO.
To discover the names of the IdPs that have been configured, use the dcos auth list-providers command:
dcos auth list-providers
To log in using an IdP, use the dcos auth login command:
dcos auth login --provider=<provider-name> --username=<user-email> --password=<secret-password>
DC/OS Enterprise supports two types of identity provider-based authentication methods, Security Assertion Markup Language (SAML) and OpenID Connect (OIDC):
- Adding a SAML Identity Provider
- Adding an OpenID Identity Provider
Configuring a SAML Identity Provider
ENTERPRISE
Configuring a SAML Identity Provider and OneLogin IdP
Configuring an OpenID identity provider
ENTERPRISE
Configuring an OpenID identity provider