/
Configuring with JumpCloud

Configuring with JumpCloud

Kloudfuse platform supports JumpCloud integration for customers who use JumpCloud based authorization within their organization. To enable it, please follow these steps.

  • Setup a new JumpCloud SSO OIDC application as per SSO with OIDC

    • Fill the redirect URL as https://<REPLACE_DNS_HOST>/oauth2/callback

    • Fill the login URL as https://<REPLACE_DNS_HOST>/oauth2/sign_in

    • Remember to copy the client-id & client-secret for further instructions.

    • Please make sure appropriate user-groups have access to then new SSO application.

  • Create a config map specification as follows in kfuse namespace replacing the DNS host and account (note the configmap name):

    apiVersion: v1 data: oauth2_proxy.cfg: | display_htpasswd_form = "true" email_domains = [ "*" ] cookie_secure = "true" provider = "oidc" redirect_url = "https://<REPLACE_DNS_HOST>/oauth2/callback" oidc_issuer_url = "https://oauth.id.jumpcloud.com/" kind: ConfigMap metadata: annotations: labels: app.kubernetes.io/managed-by: Helm name: kfuse-auth-jumpcloud-config

     

The oidc_issuer_url can also be obtained/confirmed from https://oauth.id.jumpcloud.com/.well-known/openid-configuration

  • Create secret kfuse-auth-jumpcloudas follows in kfuse namespace. Use base64 encoded values of client-id and client-secret from above. To generate cookie secret, run:

    python3 -c 'import base64,secrets,string; print(base64.b64encode(bytes("".join(secrets.choice(string.ascii_letters + string.punctuation + string.digits) for i in range(32)), "utf-8")).decode())'
    apiVersion: v1 data: client-secret: <base 64 encoded client secret> client-id: <base 64 encoded client id> cookie-secret: <base 64 encoded cookie secret> kind: Secret metadata: name: kfuse-auth-jumpcloud type: Opaque
  • Update custom-values.yaml file to include following to refer to the config map and secrets we created.

 

Related content

Configuring OKTA
Configuring OKTA
More like this
Single Sign On (SSO) support
Single Sign On (SSO) support
More like this
Configure Google OAuth2 Authentication
Configure Google OAuth2 Authentication
More like this
Installation
Installation
More like this
Adding users or changing password
Adding users or changing password
Read with this
Configure SSO Authentication with SAML
Configure SSO Authentication with SAML
More like this