LDAP
Setting Up LDAP Single Sign-On (SSO)
To access the SSO configuration at the account level:
- Click on your avatar at the top right of the GUI and select Account settings.
- In the new screen, select Single Sign-on from the left sidebar.
Click the add single-sign-on button and select LDAP from the drop-down menu.
LDAP settings
First, create a user in your LDAP server that has permission to search other users. Usually this user is an LDAP admin.
Also make sure that you know the scope of the search (i.e. where users are located in the LDAP hierarchy).
Once you have that information, fill in the fields as described below:
- Client Name - leave the field empty and it will get an autogenerated value once you save the settings.
- Display Name - any arbitrary name you want to give to this integration.
- Password - password of the user mentioned in the Distinguished name field that will be used to search other users.
- Server URL - Codefresh supports both the ldap and ldaps protocols. You also need a certificate for ldaps.
- Distinguished name - the username of the user that will search other users, in LDAP notation (combination of cn, ou, dc).
- Search Base - the scope to search other users, in LDAP notation.
- Search Filter - the attribute by which the user will be searched on the LDAP server. By default this field is set to uid. For the Azure LDAP server, you need to set this field to sAMAccountName.
- Certificate - the security certificate of the LDAP server. Paste the value directly into the field. Do not convert it to base64 or any other encoding by hand. Needed only for ldaps. Leave the field empty if you use ldap.
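The field rules above can be checked before the settings are saved. The following pre-flight check is an added example, not Codefresh code: the dictionary keys, the sample values and the assumption that the certificate is pasted as a single PEM block are illustrative.

```python
import re
from urllib.parse import urlparse

ATTR = r"[A-Za-z][A-Za-z0-9-]*"
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----")

def is_dn(value):
    """True if every comma-separated part looks like attr=value (cn=..,ou=..,dc=..)."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", value or "")]
    return all(re.fullmatch(ATTR + r"=.+", p) for p in parts)

def check_ldap_settings(s):
    """Return (errors, warnings) for a dict of form values (key names are hypothetical)."""
    errors, warnings = [], []
    url = urlparse(s.get("server_url", ""))
    cert = s.get("certificate", "").strip()
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        errors.append("Server URL must be ldap://host or ldaps://host")
    elif url.scheme == "ldaps":
        if not cert:
            errors.append("ldaps needs the LDAP server certificate")
        elif cert.startswith("LS0tLS1"):  # base64 of "-----B": PEM text encoded again
            errors.append("Certificate was base64-encoded by hand; paste the original text")
        elif not PEM_RE.fullmatch(cert):  # assumption: the field expects one PEM block
            errors.append("Certificate is not a single PEM block")
    else:
        warnings.append("ldap:// is not TLS-protected; prefer ldaps://")
        if cert:
            errors.append("Leave Certificate empty when using ldap")
    for field in ("distinguished_name", "search_base"):
        if not is_dn(s.get(field)):
            errors.append(field + " is not in LDAP notation")
    if not s.get("password"):
        errors.append("Password of the search user is missing")
    if not re.fullmatch(ATTR, s.get("search_filter") or "uid"):
        errors.append("Search Filter must be one attribute name (uid, sAMAccountName)")
    return errors, warnings

# Constructed sample values; the certificate body is a placeholder, not a real certificate.
SAMPLE = {
    "server_url": "ldaps://ldap.example.com:636",
    "distinguished_name": "cn=codefresh-search,ou=service,dc=example,dc=com",
    "search_base": "ou=people,dc=example,dc=com",
    "password": "constructed-password",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIBplaceholder\n-----END CERTIFICATE-----",
}

if __name__ == "__main__":
    print(check_ldap_settings(SAMPLE))
```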
Click the Save button. LDAP users should now be able to log in to Codefresh using LDAP.
Each user that logs in to Codefresh must:
- Have a defined email address in the LDAP server
- Use an email address that is the same as defined in the LDAP server
- Use as login information their LDAP email, password and cn value of username