Skip to main content

Configuring Authentication for the Console with Azure Active Directory

  • Updated

To sign into the Capsule8 Console via Azure SSO, follow these steps:

Create a new app in Azure Active Directory

  1. Navigate to the Enterprise Applications page of the Azure Active Directory instance.
  2. Select Create your own application.
  3. Input a name for the application and click Create.
  4. On the application's page, select Single sign-on then SAML
  5. Under "Basic SAML Configuration", configure the following:
    1. "Identifier" should be in the format https://<console-base-domain>/sessions/saml/adfs/metadata
    2. "Reply URL" should be in the format https://<console-base-domain>/sessions/saml/adfs/acs
    3. "Sign on URL" should be in the format https://<console-base-domain>/sessions/saml/adfs
    4. "Logout URL" should be in the format https://<console-base-domain>/sessions/saml/adfs/slo/request
  6. Copy the "App Federation Metadata Url" and download the base64 certificate for the next steps

Configure the Capsule8 Console

Set the following variables in the Capsule8 Console configuration file.

console:
  #...
  auth_saml_adfs_enabled: true
  auth_saml_metadata_url: "https://login.microsoftonline.com/8388b277-f2d9-46ad-982d-e89432a19c20/federationmetadata/2007-06/federationmetadata.xml?appid=f0115ca8-3c35-4cdc-aded-cff83681d409"
  auth_saml_local_cert_file_path: /path/to/cert
  auth_saml_console_host: capsule8.mycompany.com
  1. Set auth_saml_adfs_enabled to true
  2. auth_saml_metadata_url should be the metadata URL copied in the previous section
  3. auth_saml_local_cert_file_path should be the path to the certificate file downloaded in the previous section
  4. auth_saml_console_host The public-facing address of the Capsule8 Console

After restarting the Capsule8 Console and navigating to the login page, the option to Sign in with ADFS should be visible.

Optional configuration values

console:
  #...
  auth_saml_insecure_skip_verify: true
  tls_cert_path: /path/to/cert
  tls_key_path: /path/to/key
  auth_saml_insecure_skip_verify: true
  • auth_saml_insecure_skip_verify For self-signed certificates, this field should be set to true. 
  • To override the console's SSL certificates, set theconsole.tls_cert_pathand tls_key_pathproperties to their corresponding files.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.