You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/misc/14_saml_and_scim/index.md
+17-4Lines changed: 17 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -10,15 +10,17 @@ ACS Url is `<instance_url>/api/saml/acs`
10
10
SCIM connector is `<instance_url>/api/scim`
11
11
Application username format is `Email`
12
12
13
-
Pass SAML_METADATA containing the metadata URL to the server containers to enable SAML authentication. In the helm charts, the value is `enterprise.samlMetadata`
13
+
14
+
In the Instance Settings UI, pass the SAML Metadata URL (or content) containing the metadata URL (or XML content).
14
15
15
16
### Okta
16
17
17
18
Configure Okta with the following settings (and replace cf.wimill.xyz with your domain):
18
19
19
20
20
21
21
-
Pass SAML_METADATA containing the metadata URL to the server containers to enable SAML authentication. In the helm charts, the value is `enterprise.samlMetadata`:
22
+
23
+
In the Instance Settings UI, pass the SAML Metadata URL (or content) containing the metadata URL (or XML content).
22
24
23
25
24
26
@@ -54,7 +56,8 @@ Configure Okta with the following settings (and replace cf.wimill.xyz with your
54
56
55
57
56
58
57
-
For the Bearer Token, use the value of `enterprise.scimToken` in the helm charts which corresponds to the `SCIM_TOKEN`` env variable for the server container.
59
+
60
+
In the Instance Settings UI, set the SCIM token containing the secret value that you will share to Okta.
58
61
59
62
60
63
@@ -64,7 +67,17 @@ Create an application from the "Enterprise Applications" menu (see [Configuring
64
67
65
68
66
69
67
-
Choose the "Automatic" provisioning mode, and then for the Tenant URL, input the public URL of your Windmill server with the prefix `/api/scim`. For the Secret Token, use the value of `enterprise.scimToken` in the helm charts which corresponds to the `SCIM_TOKEN` env variable for the server container. You can then click on the Test Connection button to validate Azure can connect to Windmill's SCIM endpoint. You can then choose to sync only the Users and Groups assigned to this application, or all users and groups. Note that if you choose the former, after you save, go to the application's page and click on the "Users and groups" button in the left menu bar. Only the users and groups present here will be synced to Windmill.
70
+
Choose the "Automatic" provisioning mode, and then for the Tenant URL, input the public URL of your Windmill server with the prefix `/api/scim`.
71
+
72
+
73
+
74
+
Copy the App Federation Metadata URL and paste it in the Instance Settings UI.
75
+
76
+
77
+
78
+
In the Instance Settings UI, set the SCIM token containing the secret value that you will share to Azure. You can click "Test" in Windmill's Instance Settings UI to validate the SAML metadata URL/Content.
79
+
80
+
You can then click on the Test Connection button to validate Azure can connect to Windmill's SCIM endpoint. You can then choose to sync only the Users and Groups assigned to this application, or all users and groups. Note that if you choose the former, after you save, go to the application's page and click on the "Users and groups" button in the left menu bar. Only the users and groups present here will be synced to Windmill.
0 commit comments