mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-27 13:39:04 +02:00
07e150a5af
* ping: add documentation * Update docs/docs/identity-providers/ping.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/docs/identity-providers/ping.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * use yaml for config Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| img | ||
| auth0.md | ||
| azure.md | ||
| cognito.md | ||
| github.md | ||
| gitlab.md | ||
| google.md | ||
| okta.md | ||
| one-login.md | ||
| ping.md | ||
| readme.md | ||
| title | description |
|---|---|
| Overview | This article describes how to connect Pomerium to third-party identity providers / single-sign-on services. You will need to generate keys, copy these into your Pomerium settings, and enable the connection. |
Identity Provider Configuration
This article describes how to configure Pomerium to use a third-party identity service for single-sign-on.
There are a few configuration steps required for identity provider integration. Most providers support OpenID Connect which provides a standardized identity and authentication interface.
In this guide we'll cover how to do the following for each identity provider:
- Set a Redirect URL pointing back to Pomerium. For example,
https://${authenticate_service_url}/oauth2/callback. - Generate a Client ID and Client Secret.
- Generate a Service Account for additional IdP Data.
- Configure Pomerium to use the Client ID and Client Secret keys.
- Configure Pomerium to synchronize directory data from your identity provider (e.g. groups membership), by setting a service account.
:::warning
You must configure an IdP Service Account to write policy against group membership, or any other data that does not uniquely identify an end-user.