Setting Up LDAP Single Sign-On (SSO)

To access the SSO configuration at the account level.

  1. Click on your avatar at the top right of the GUI and select Account settings.
  2. In the new screen, select Single Sign-on from the left sidebar.

SSO provider settings

SSO provider settings

Click the add single-sign-on button and select LDAP from the drop-down menu.

LDAP settings

You need to create a user first in your LDAP server that has permissions to search other users. Usually this user is an LDAP admin.

Make sure also that you know the scope of the search (i.e. where users are located in the LDAP hierarchy).

Once you have that information, fill the fields as shown below:

LDAP settings

LDAPS settings
  • Client Name - leave the field empty and it will get an autogenerated value once you save the settings.
  • Display Name - any arbitrary name you want to give in this integration.
  • Password - password of the user mentioned in the Distinguished name field that will be used to search other users.
  • Server URL - Codefresh supports both the ldap and ldaps protocol. You also need a certificate for ldaps.
  • Distinguished name - the username of the user that will search other users in LDAP notation (combination of cn, ou,dc).
  • Search Base - the scope to search other users in LDAP notation.
  • Search Filter - the attribute by which the user will be searched on the LDAP server. By default this field is set to uid. For the Azure LDAP server, you need to set this field to sAMAccountName.
  • Certificate - the security certificate of the LDAP server. Paste the value directly on the field. Do not convert to base64 or any other encoding by hand. Needed only for ldaps. Leave the field empty if you use ldap.

Click the Save button. LDAP users should now be able to login to Codefresh using LDAP.

Each user that logins into Codefresh must:

  1. Have a defined email address in the LDAP server
  2. Use an email address that is the same as defined in the LDAP server
  3. Use as login information their LDAP email, password and cn value of username