Set up Single Sign-On (SSO)¶
SaltStack Config integrates with third-party identity and access management solutions to enable users to login to the SaltStack Config user interface. SaltStack Config supports various authentication integrations:
- Single sign-on authentication (SSO) for an identity provider (IdP) that uses the SAML or OAuth protocols.
- Access management for directory services that use the LDAP protocol, such as Active Directory Domain Services.
Alternatively, you could also use the authentication that is native to SaltStack Config by storing user credentials locally in SaltStack Config on the RaaS node.
Setting up SSO is one post-installation step in a series of several steps that should be followed in a specific order. First, complete one of the installation scenarios and then read the following post-installation pages:
- Install the license key
- Install and configure the Master Plugin
- Log in for the first time and change default credentials
- Accept the Salt master key and back up data
- Set up SSL certificates
How to set up SSO or directory services¶
You can best configure SSO or directory services using the user interface as opposed to using the API (RaaS) or command line. The instructions for setting up SSO or directory services are included in the SaltStack Config documentation. These are static HTML reference documents that do not require a link outside the firewall.
To access this documentation:
- Login to SaltStack Config.
- In the toolbar, click Help > Help Documentation.
- Navigate to one of the following pages:
- Authentication with SAML
- Authentication with LDAP
- Authentication with OAuth and OIDC
After configuring SSO, there may be additional post-installation steps. Check the list of post-installation steps to ensure you have completed all the necessary steps.