Improve this page on GitHub

Setting up OIDC Federated SSO

OpenID Connect (OIDC) Single Sign-On (SSO) setup

Codefresh natively supports login with GitHub, Bitbucket and GitLab, using the OpenID Connect (OAuth2) protocol.

Prerequisites

To successfully add an identity provider (IdP) in Codefresh, you need to do some preparatory work with both Codefresh and the provider:

  1. Inform your IdP that it will provide SSO services to Codefresh
  2. Set up Codefresh and point it to your IdP.

The first procedure differs according to your IdP, but the second one is common to all providers.

NOTE
SSO is only available to Enterprise customers. Please contact sales in order to enable it for your Codefresh account.

OIDC SSO configuration in Codefresh

Here’s what you need to do to configure SSO via OIDC in Codefresh:

  1. Configure SSO settings for the IdP:
    This generally includes defining settings both in Codefresh and in the IdP.
    Codefresh supports OIDC SSO for the following:

  2. Test integration with the IdP:

    TIP
    Before enabling SSO for users in Codefresh, you MUST make sure that it is working for the test user.
    When SSO is enabled for a user, Codefresh allows login only through the SSO and blocks logins through other IdPs. If the selected SSO method does not work for some reason, the user is locked out of Codefresh.

    1. In the Codefresh UI, on the toolbar, from your avatar dropdown, select Account Settings.
    2. In the sidebar, from Access & Collaboration, select Users & Teams.
    3. Add an active user to be used for testing. We recommend you use your own user.
    4. From the SSO dropdown, select the provider you want to test.
    5. Keep the current browser session open, and log in via Corporate SSO in an incognito tab (or another browser).

Sign-in with SSO

Sign-in with SSO
  1. (Optional) Set a default SSO provider for account
    You can select an IdP as the default SSO provider for a Codefresh account. This means that all the new users added to that account will automatically use the selected IdP for signin.
  2. (Optional) Select SSO method for individual users
    You can also select if needed, a different SSO provider for specific users.

TIP
Codefresh has an internal cache for SSO configuration, and it can take up to five minutes for your changes to take effect.

Federated Single Sign-On (SSO) overview
Setting up SAML2 Federated SSO