You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _posts/2020-09-16-openfaas-oidc-okta.md
+10-4Lines changed: 10 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -5,9 +5,9 @@ date: 2020-09-16
5
5
image: /images/2020-09-oidc-okta/concentrate.jpg
6
6
categories:
7
7
- kubernetes
8
-
- developers
9
-
- tools
10
8
- oauth2
9
+
- security
10
+
- sso
11
11
- oidc
12
12
author_staff_member: alex
13
13
dark_background: true
@@ -20,7 +20,7 @@ Learn how to enable Single Sign-on (SSO) for OpenFaaS with Okta and OpenID Conne
20
20
21
21
OpenID Connect is a common standard that builds upon OAuth2 to enable authentication to services and applications. Solutions like [Okta](https://www.okta.com) can be used to enable Single Sign-On across a number of third-party and in-house applications. This reduces the burden on IT administrators - fewer requests to reset passwords, fewer employees will share credentials and policy can enforced in one place.
22
22
23
-
In this tutorial, I'll show you how to setup Okta and OpenFaaS with the OIDC auth plugin. The OIDC auth plugin for OpenFaaS is a commercial add-on included in our [OpenFaaS Premium Subscription](https://www.openfaas.com/support).
23
+
In this tutorial, I'll show you how to setup Okta and OpenFaaS with the OIDC / OAuth2 authentication module. The OIDC auth module for OpenFaaS is a commercial add-on included in our [OpenFaaS Premium Subscription](https://www.openfaas.com/support).
24
24
25
25
If you don't have an active [OpenFaaS Premium Subscription](https://www.openfaas.com/support), then you will need to apply for a trial key here: [Apply for a 14-day trial](https://forms.gle/mFmwtoez1obZzm286).
26
26
@@ -30,7 +30,7 @@ If you don't have an active [OpenFaaS Premium Subscription](https://www.openfaas
30
30
* Register a domain or DNS sub-zone
31
31
* Create an App in Okta
32
32
* Collect OIDC URLS, IDs and credentials
33
-
* Setup OpenFaaS with TLS, Ingress and the auth plugin
33
+
* Setup OpenFaaS with TLS, Ingress and the authentication module
34
34
* Configure your DNS
35
35
* Test out logging into OpenFaaS with Okta
36
36
@@ -264,6 +264,12 @@ nodeinfo 0 1
264
264
265
265
When you need to use a token from CI, we provide instructions for the `clients_credentials` flow in the OpenFaaS documentation (referenced in the summary).
266
266
267
+
Now you can invite your team and co-workers to collaborate with you and build serverless functions.
268
+
269
+
Use the User panel to add new users to Okta, or if they are already in your Okta account, setup a new OpenFaaS Group and add them to that.
270
+
271
+
272
+
267
273
## Wrapping up
268
274
269
275
In a relatively short period of time, we've been able to authenticate to OpenFaaS using Okta and a single login. Any OIDC provider should work and I've tested the code with GitLab, Auth0 and GitLab so far. From here, it's easy to add other users to the OpenFaaS app, and to send them an invite over email to join.
0 commit comments