LDAP

Setting Up LDAP Single Sign-On (SSO)

You can set up LDAP authentication:

  1. At the Codefresh customer level.
  2. At the Codefresh account level.
  3. At both levels. Integrations created at the customer level can be edited or removed only by the customer administrator, from that customer management view. The account administrator cannot edit them.

The specific way depends on your own organization and how you have chosen to give Codefresh access to your users.

To access the SSO configuration at the account level:

  1. Click on your avatar at the top right of the GUI and select Account settings.
  2. In the new screen, select Single Sign-on from the left sidebar.

To access the SSO configuration at the customer level:

  1. Click on your avatar at the top right of the GUI and select any customer from the Customers subsection.
  2. In the new screen, select Single Sign-on from the left sidebar.

In both cases you will arrive at the following screen:

SSO provider settings

Click the add single-sign-on button and select LDAP from the drop-down menu.

LDAP settings

First, create a user in your LDAP server that has permission to search for other users. Usually this user is an LDAP admin.

Also make sure that you know the scope of the search (i.e. where users are located in the LDAP hierarchy).

Once you have that information, fill in the fields as shown below:

LDAP settings

LDAPS settings
  • Client Name - leave the field empty and it will get an autogenerated value once you save the settings.
  • Display Name - any arbitrary name you want to give to this integration.
  • Password - password of the user mentioned in the Distinguished name field that will be used to search other users.
  • Server URL - Codefresh supports both the ldap and ldaps protocols. You also need a certificate for ldaps.
  • Distinguished name - the username of the user that will search other users, in LDAP notation (a combination of cn, ou, dc).
  • Search Base - the scope to search other users in LDAP notation.
  • Certificate - the security certificate of the LDAP server. Paste the value directly into the field. Do not convert it to base64 or any other encoding by hand. Needed only for ldaps. Leave the field empty if you use ldap.

Click the Save button. LDAP users should now be able to log in to Codefresh using LDAP.

Each user who logs in to Codefresh must:

  1. Have a defined email address in the LDAP server
  2. Use an email address that is the same as defined in the LDAP server
  3. Use their LDAP email, password, and the cn value of their username as login information
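
A pre-flight check for the values described above, as an added example that is not Codefresh code: it validates the Server URL, Distinguished name, Search Base and Certificate before you paste them into the form, and checks a user entry against the three login requirements. The function names are hypothetical, and it assumes the certificate is PEM text and that the email is stored in the standard `mail` attribute.

```python
import re
from urllib.parse import urlsplit

# Assumption: the server certificate is PEM text, pasted without re-encoding.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+"
                    r"-----END CERTIFICATE-----")

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; an escaped comma stays in its value."""
    parts = re.findall(r"(?:\\.|[^,\\])+", dn)
    if not parts or ",".join(parts) != dn:  # empty component or dangling escape
        raise ValueError(f"malformed DN: {dn!r}")
    pairs = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def check_settings(server_url, bind_dn, search_base, certificate=""):
    """Return a list of problems with the values destined for the LDAP form."""
    problems = []
    scheme = urlsplit(server_url).scheme.lower()
    cert = certificate.strip()
    if scheme not in ("ldap", "ldaps"):
        problems.append("Server URL must use ldap:// or ldaps://")
    elif scheme == "ldaps" and not PEM_RE.fullmatch(cert):
        problems.append("ldaps needs the server certificate pasted as plain PEM text")
    elif scheme == "ldap" and cert:
        problems.append("leave Certificate empty when using ldap")
    for label, dn in (("Distinguished name", bind_dn), ("Search Base", search_base)):
        try:
            parse_dn(dn)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
    return problems

def check_user(entry, login_email, login_username):
    """entry maps attribute names to value lists, as an LDAP search returns them."""
    mails = [m.strip().casefold() for m in entry.get("mail", [])]  # assumed attribute
    problems = []
    if not mails:
        problems.append("no email address defined in LDAP")
    elif login_email.strip().casefold() not in mails:
        problems.append("login email differs from the one in LDAP")
    if login_username not in entry.get("cn", []):
        problems.append("username is not the entry's cn value")
    return problems
```

An empty list from either function means no problem was found; comparing email addresses case-insensitively is a choice made in this example.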