3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-06 04:42:56 +02:00
Code Issues Projects Releases Packages Wiki Activity

docs: document service account requirements (#999)

Browse source
This commit is contained in:
Travis Groth 2020-06-25 19:32:36 -04:00 committed by GitHub
parent 917d8ec61b
commit c049d87362
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 59 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

11
docs/docs/identity-providers/readme.md
View file

@ -16,11 +16,18 @@ In this guide we'll cover how to do the following for each identity provider:
1. Set a **[Redirect URL](https://www.oauth.com/oauth2-servers/redirect-uris/)** pointing back to Pomerium. For example, `https://${authenticate_service_url}/oauth2/callback`.
2. Generate a **[Client ID]** and **[Client Secret]**.
3. Configure Pomerium to use the **[Client ID]** and **[Client Secret]** keys.
4. Configure Pomerium to synchronize directory data from your identity provider (e.g. groups membership), by setting a service account.
3. Generate a **[Service Account]** for additional IdP Data.
4. Configure Pomerium to use the **[Client ID]** and **[Client Secret]** keys.
5. Configure Pomerium to synchronize directory data from your identity provider (e.g. groups membership), by setting a service account.
:::warning
You must configure an IdP **[Service Account]** to write policy against group membership, or any other data that does not uniquely identify an end-user.
[client id]: ../../configuration/readme.md#identity-provider-client-id
[client secret]: ../../configuration/readme.md#identity-provider-client-secret
[environmental variables]: https://en.wikipedia.org/wiki/Environment_variable
[oauth2]: https://oauth.net/2/
[openid connect]: https://en.wikipedia.org/wiki/OpenID_Connect
[service account]: ../../configuration/#identity-provider-service-account