Generate a Dedicated URL Login for Each Tenant

This page contains instructions on how to generate a workspace-specific URL to access the DKP UI.

By making this URL available to your tenant, you provide them with a dedicated login page, where users can enter their SSO credentials to access their workspace in the DKP UI and to where users can create a token to access a cluster’s kubectl API. Other tenants and their SSO configurations are not visible.

See Multi-Tenancy in DKP for more information around identity provider configuration.

Prerequisites

You have followed the steps in How do I enable multi-tenancy?
You have Admin permissions and access to all workspaces.

Generate a Login URL

Set an environment variable to point at the workspace for which you want to generate a URL:
Replace <name_target_workspace> with the workspace name. If you do not know the exact name of the workspace, run kubectl get workspace to get a list of all workspace names.
CODE
```
export WORKSPACE_NAME=<name_target_workspace>
```

Generate a DKP UI login URL for that workspace:

CODE

echo https://$(kubectl get kommandercluster -n kommander host-cluster -o jsonpath='{ .status.ingress.address }')/token/landing/${WORKSPACE_NAME}

The output looks similar to this:

CODE

https://example.com/token/landing/<WORKSPACE_NAME>

Share the output login URL with your tenant, so users can start accessing their workspace from the DKP UI.

The login page displays:

Identity providers set globally
Identity providers set for that specific workspace

The login page does not display any resources or workspaces for which the tenant has no permissions.