Identity Providers

Grant access to users in your organization

Logging in with Username and Password

By default, you login to konvoy with a credential given by konvoy up. You can retrieve it later by using konvoy get ops-portal.

These static credentials should only be used to access operations portal for configuring an external identity provider. Since there is no way of updating static credentials they should be treated as backup credentials and not used for normal access. Always login with your own identity from external identity providers that provide additional security features like Multi-Factor Authentication.

You can perform the following operations on Identity Providers:

Identity Providers

To provide simple access for the users of your organization, Identity Providers can be set up.

Currently, Kommander supports Github, LDAP, and any standard OIDC provider such as Google.

You can configure as many Identity Providers as you like and users will be able to select any of those methods when logging in.

Identity

Identity Providers

Limiting who has access:

  • The Github provider allows to specify which orgs and teams are eligible for access.

Github Form

Github Form

  • The LDAP provider allows to configure search filters for either users or groups.

LDAP Form

LDAP Form

  • The OIDC provider cannot limit users based on identity.

OIDC Form

OIDC Form

Temporarily disabling a provider

Open the actions menu on the Identity Providers table and click Disable. The provider option will no longer appear on the login screen.

Identity Provider Table Row Action Menu

Identity Provider Table Row Action Menu

Groups

Access control groups are configured in the Groups tab of the Identity Providers page. Refer to Access Control for an overview of groups in Kommander.

Identity Provider Groups

Identity Provider Groups