Identity Sources¶
Administration -> Tenants -> Select Tenant -> Identity Sources
Overview¶
There are several built in single sign-on integrations included with Morpheus . These can be configured via the Identity Sources
button in Admin -> Accounts
. These integrations include linking even map these sign on tools to equivalent roles in Morpheus so at first log in users are assigned the appropriate role.
Active Directory¶
Overview¶
Active Directory is Microsoft’s primary authentication service widely used in Enterprise organizations and even via Microsoft’s cloud services. While Active Directory also supports LDAP protocol support (which Morpheus can integrate with as well), the main Active Directory integration can also be utilized. It is even possible to map Active Directory groups to equivalent Roles within Morpheus .
Note
To use Active Directory, a valid / trusted SSL certificate must be in place on the Active Directory services (self signed will not work).
Adding an Active Directory Integration¶
Navigate to Administration -> Tenants
Select a Tenant
Select IDENTITY SOURCES
Select + IDENTITY SOURCE
Choose “Active Directory”
Populate the following:
- Name
Unique name for authentication type.
- AD Server
Hostname or IP address of AD Server.
- Domain
Domain name of AD Domain.
- Binding Username
Service account username for bind user.
- Binding Password
Password for bind service account.
- Required Group
The AD group users must be in to have access (optional)
- Default Role
The default role a user is assigned if no group is listed under AD user that maps under Role Mappings section.
- Service Account Holder
This is the admin account type in Morpheus and an AD group can be created and populated to a user that this role should be assigned. Roles are assigned dynamically based on group membership.
Select SAVE CHANGES.
Now allowed AD users can login to Morpheus via their Active Directory credentials and a User will be automatically generated to Morpheus with matching metadata and mapped Role permissions.
Note
Only the username is required with password, not the username@domain.
Note
Sub-tenant Morpheus API authentication for Active Directory generated users is not currently supported.
OneLogin¶
Adding OneLogin Identity Source Integration
Navigate to Administration -> Tenants
Select the Tenant to add the Identity Source Integration
Select IDENTITY SOURCES
Select + IDENTITY SOURCE
Enter the following:
- TYPE
OneLogin
- NAME
Name of the Identity Source Integration in Morpheus
- DESCRIPTION
Optional Description of the Identity Source
- ONELOGIN SUBDOMAIN
- example: morpheus-dev
Warning
Please verify the subdomain carefully. An invalid subdomain will cause authentication attempts by OneLogin users to fail.
- ONELOGIN REGION
Speciify US or EU region
- API CLIENT SECRET
OneLogin API Client Secret from the Settings - API section in OneLogin portal
- API CLIENT ID
OneLogin API Client ID from the Settings - API section in OneLogin portal
- REQUIRED ROLE
Enter a role if OneLogin users logging into morpheus must have at least this OneLogin role to gain access to Morpheus.
- DEFAULT ROLE
The default Morpheus Role applied to users created from OneLogin Integration if no other role mapping is specified below
- ROLE MAPPINGS
Existing Morpheus Roles will be listed with fields to enter OneLogin Roles to map to. Users with OneLogin roles matching the role mappings will be assigned the appropriate Role(s) in Morpheus when signing in.
Select SAVE CHANGES and the OneLogin Integration will be added.
Users can now login to Morpheus with OneLogin credentials. The first Login will create a user in Morpheus matching the Username, email and Password from OneLogin. If a REQUIRED ROLE is specified in the Identity Source settings, only users with that Role in OneLogin will be able to login to Morpheus.
Important
OneLogin users will not authenticate in Morpheus if there is an existing Morpheus User with matching username or email address.