mirror of
https://github.com/pomerium/pomerium.git
synced 2025-06-19 11:12:53 +02:00
| .. | ||
| img | ||
| azure.md | ||
| cognito.md | ||
| github.md | ||
| gitlab.md | ||
| google.md | ||
| okta.md | ||
| one-login.md | ||
| readme.md | ||
| title | description |
|---|---|
| Overview | This article describes how to connect Pomerium to third-party identity providers / single-sign-on services. You will need to generate keys, copy these into your Pomerium settings, and enable the connection. |
Identity Provider Configuration
This article describes how to configure Pomerium to use a third-party identity service for single-sign-on.
There are a few configuration steps required for identity provider integration. Most providers support OpenID Connect which provides a standardized identity and authentication interface.
In this guide we'll cover how to do the following for each identity provider:
- Set a Redirect URL pointing back to Pomerium. For example,
https://${authenticate_service_url}/oauth2/callback. - Generate a Client ID and Client Secret.
- Generate a Service Account for additional IdP Data.
- Configure Pomerium to use the Client ID and Client Secret keys.
- Configure Pomerium to synchronize directory data from your identity provider (e.g. groups membership), by setting a service account.
:::warning
You must configure an IdP Service Account to write policy against group membership, or any other data that does not uniquely identify an end-user.