|
| 1 | +:_mod-docs-content-type: ASSEMBLY |
| 2 | +[id="cloud-experts-getting-started-idp"] |
| 3 | += Tutorial: Setting up an identity provider |
| 4 | +include::_attributes/attributes-openshift-dedicated.adoc[] |
| 5 | +:context: cloud-experts-getting-started-idp |
| 6 | + |
| 7 | +toc::[] |
| 8 | + |
| 9 | +//rosaworkshop.io content metadata |
| 10 | +//Brought into ROSA product docs 2023-11-28 |
| 11 | + |
| 12 | +To log in to your cluster, set up an identity provider (IDP). This tutorial uses GitHub as an example IDP. See the full list of xref:../../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#understanding-idp-supported_rosa-sts-config-identity-providers[IDPs supported by ROSA]. |
| 13 | + |
| 14 | +* To view all IDP options, run the following command: |
| 15 | ++ |
| 16 | +[source,terminal] |
| 17 | +---- |
| 18 | +rosa create idp --help |
| 19 | +---- |
| 20 | +
|
| 21 | +== Setting up an IDP with GitHub |
| 22 | +. Log in to your GitHub account. |
| 23 | +. Create a new GitHub organization where you are an administrator. |
| 24 | ++ |
| 25 | +[TIP] |
| 26 | +==== |
| 27 | +If you are already an administrator in an existing organization and you want to use that organization, skip to step 9. |
| 28 | +==== |
| 29 | ++ |
| 30 | +Click the *+* icon, then click *New Organization*. |
| 31 | ++ |
| 32 | +image::cloud-experts-getting-started-idp-new-org.png[] |
| 33 | + |
| 34 | +. Choose the most applicable plan for your situation or click *Join for free*. |
| 35 | + |
| 36 | +. Enter an organization account name, an email, and whether it is a personal or business account. Then, click *Next*. |
| 37 | ++ |
| 38 | +image::cloud-experts-getting-started-idp-team.png[] |
| 39 | + |
| 40 | +. *Optional:* Add the GitHub IDs of other users to grant additional access to your ROSA cluster. You can also add them later. |
| 41 | +. Click *Complete Setup*. |
| 42 | +. *Optional:* Enter the requested information on the following page. |
| 43 | +. Click *Submit*. |
| 44 | +. Go back to the terminal and enter the following command to set up the GitHub IDP: |
| 45 | ++ |
| 46 | +[source,terminal] |
| 47 | +---- |
| 48 | +rosa create idp --cluster=<cluster name> --interactive |
| 49 | +---- |
| 50 | + |
| 51 | +. Enter the following values: |
| 52 | ++ |
| 53 | +[source,terminal] |
| 54 | +---- |
| 55 | +Type of identity provider: github |
| 56 | +Identity Provider Name: <IDP-name> |
| 57 | +Restrict to members of: organizations |
| 58 | +GitHub organizations: <organization-account-name> |
| 59 | +---- |
| 60 | + |
| 61 | +. The CLI will provide you with a link. Copy and paste the link into a browser and press *Enter*. This will fill the required information to register this application for OAuth. You do not need to modify any of the information. |
| 62 | ++ |
| 63 | +image::cloud-experts-getting-started-idp-link.png[] |
| 64 | + |
| 65 | +. Click *Register application*. |
| 66 | ++ |
| 67 | +image::cloud-experts-getting-started-idp-register.png[] |
| 68 | + |
| 69 | +. The next page displays a *Client ID*. Copy the ID and paste it in the terminal where it asks for *Client ID*. |
| 70 | ++ |
| 71 | +[NOTE] |
| 72 | +==== |
| 73 | +Do not close the tab. |
| 74 | +==== |
| 75 | + |
| 76 | +. The CLI will ask for a *Client Secret*. Go back in your browser and click *Generate a new client secret*. |
| 77 | ++ |
| 78 | +image::cloud-experts-getting-started-idp-secret.png[] |
| 79 | + |
| 80 | +. A secret is generated for you. Copy your secret because it will never be visible again. |
| 81 | + |
| 82 | +. Paste your secret into the terminal and press *Enter*. |
| 83 | +. Leave *GitHub Enterprise Hostname* blank. |
| 84 | +. Select *claim*. |
| 85 | +. Wait approximately 1 minute for the IDP to be created and the configuration to land on your cluster. |
| 86 | ++ |
| 87 | +image::cloud-experts-getting-started-idp-inputs.png[] |
| 88 | + |
| 89 | +. Copy the returned link and paste it into your browser. The new IDP should be available under your chosen name. Click your IDP and use your GitHub credentials to access the cluster. |
| 90 | ++ |
| 91 | +image::cloud-experts-getting-started-idp-login.png[] |
| 92 | + |
| 93 | +== Granting other users access to the cluster |
| 94 | +To grant access to other cluster user you will need to add their GitHub user ID to the GitHub organization used for this cluster. |
| 95 | + |
| 96 | +. In GitHub, go to the *Your organizations* page. |
| 97 | + |
| 98 | +. Click your *profile icon*, then *Your organizations*. Then click *<your-organization-name>*. In our example, it is `my-rosa-cluster`. |
| 99 | ++ |
| 100 | +image::cloud-experts-getting-started-idp-org.png[] |
| 101 | + |
| 102 | +. Click *Invite someone*. |
| 103 | ++ |
| 104 | +image::cloud-experts-getting-started-idp-invite.png[] |
| 105 | + |
| 106 | +. Enter the GitHub ID of the new user, select the correct user, and click *Invite*. |
| 107 | +. Once the new user accepts the invitation, they will be able to log in to the ROSA cluster using the console link and their GitHub credentials. |
0 commit comments