github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-10 07:58:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Finish adding docs for Google SSO and GitHub SSO configuration

Browse Source
This commit is contained in:
Tuan Dang
2023-09-19 15:53:19 +01:00
parent 663c4869b9
commit 14a260b785
14 changed files with 98 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
docs/documentation/platform/sso/github.mdx Normal file
View File

@@ -0,0 +1,37 @@
---
title: "GitHub SSO"
description: "Configure GitHub SSO for Infisical"
---
Using GitHub SSO on a self-hosted instance of Infisical requires configuring an OAuth2 application in GitHub and registering your instance with it.
## Create an OAuth application in GitHub
Navigate to your user Settings > Developer settings > OAuth Apps to create a new GitHub OAuth application.
![GitHub settings](../../../images/sso/github/settings.png)
![GitHub developer settings](../../../images/sso/github/dev-settings.png)
![GitHub create new OAuth application](../../../images/sso/github/new-app.png)
Create the OAuth application. As part of the form, set the **Homepage URL** to your self-hosted domain `https://your-domain.com`
and the **Authorization callback URL** to `https://your-domain.com/api/v1/sso/github`.
![GitHub create new OAuth application form](../../../images/sso/github/new-app-form.png)
<Note>
If you have a GitHub organization, you can create an OAuth application under it
in your organization Settings > Developer settings > OAuth Apps > New Org OAuth App.
</Note>
## Add your OAuth application credentials to Infisical
Obtain the **Client ID** and generate a new **Client Secret** for your GitHub OAuth application.
![GCP obtain OAuth2 credentials](../../../images/sso/github/credentials.png)
Back in your Infisical instance, add two new environment variables for the credentials of your GitHub OAuth application:
- `CLIENT_ID_GITHUB_LOGIN`: The **Client ID** of your GitHub OAuth application.
- `CLIENT_SECRET_GITHUB_LOGIN`: The **Client Secret** of your GitHub OAuth application.
Once added, restart your Infisical instance and log in with GitHub.

30
docs/documentation/platform/sso/google.mdx Normal file
View File

@@ -0,0 +1,30 @@
---
title: "Google SSO"
description: "Configure Google SSO for Infisical"
---
Using Google SSO on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP and registering your instance with it.
## Create an OAuth2 application in GCP
Navigate to your project API & Services > Credentials to create a new OAuth2 application.
![GCP API services](../../../images/sso/google/api-services.png)
![GCP create new OAuth2 application](../../../images/sso/google/new-app.png)
Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/api/v1/sso/google`.
![GCP create new OAuth2 application form](../../../images/sso/google/new-app-form.png)
## Add your OAuth2 application credentials to Infisical
Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application.
![GCP obtain OAuth2 credentials](../../../images/sso/google/credentials.png)
Back in your Infisical instance, add two new environment variables for the credentials of your GCP OAuth2 application:
- `CLIENT_ID_GOOGLE_LOGIN`: The **Client ID** of your GCP OAuth2 application.
- `CLIENT_SECRET_GOOGLE_LOGIN`: The **Client Secret** of your GCP OAuth2 application.
Once added, restart your Infisical instance and log in with Google

12
docs/documentation/platform/sso/overview.mdx
View File

@@ -4,9 +4,11 @@ description: "Log in to Infisical via SSO protocols"
---
<Warning>
Infisical currently has confirmed support for SAML SSO authentication with
Okta, Azure AD, and JumpCloud. We're expanding support for other IdPs in the
coming months, so stay tuned and feel free to request a IdP at this
Infisical offers Google SSO and GitHub SSO for free across both Infisical Cloud and Infisical Self-hosted.
Infisical also offers SAML SSO authentication but as paid features that can be unlocked on Infisical Cloud's **Pro** tier
or via enterprise license on self-hosted instances of Infisical. On this front, we currently support Okta, Azure AD, and JumpCloud and
are expanding support for other IdPs in the coming months; stay tuned and feel free to request a IdP at this
[issue](https://github.com/Infisical/infisical/issues/442).
</Warning>
@@ -15,6 +17,8 @@ You can configure your organization in Infisical to have members authenticate wi
To note, configuring SSO retains the end-to-end encrypted architecture of Infisical because we decouple the **authentication** and **decryption** steps. In all login with SSO implementations,
your IdP cannot and will not have access to the decryption key needed to decrypt your secrets.
- [Google SSO](/documentation/platform/sso/google)
- [GitHub SSO](/documentation/platform/sso/github)
- [Okta SAML](/documentation/platform/sso/okta)
- [Azure SAML](/documentation/platform/sso/azure)
- [JumpCloud SAML](/documentation/platform/sso/jumpcloud)
- [JumpCloud SAML](/documentation/platform/sso/jumpcloud)

BIN
docs/images/sso/github/credentials.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 740 KiB

BIN
docs/images/sso/github/dev-settings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 856 KiB

BIN
docs/images/sso/github/new-app-form.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 772 KiB

BIN
docs/images/sso/github/new-app.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 602 KiB

BIN
docs/images/sso/github/settings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.5 MiB

BIN
docs/images/sso/google/api-services.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 370 KiB

BIN
docs/images/sso/google/credentials.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
docs/images/sso/google/new-app-form.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.3 MiB

BIN
docs/images/sso/google/new-app.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 940 KiB

3
docs/mint.json
View File

@@ -126,6 +126,8 @@
"group": "SSO",
"pages": [
"documentation/platform/sso/overview",
"documentation/platform/sso/google",
"documentation/platform/sso/github",
"documentation/platform/sso/okta",
"documentation/platform/sso/azure",
"documentation/platform/sso/jumpcloud"
@@ -150,6 +152,7 @@
"self-hosting/configuration/envars",
"self-hosting/configuration/email",
"self-hosting/configuration/redis",
"self-hosting/configuration/sso",
"self-hosting/faq"
]
},

20
docs/self-hosting/configuration/sso.mdx Normal file
View File

@@ -0,0 +1,20 @@
---
title: "Configure SSO"
description: "How to configure SSO when self-hosting Infisical."
---
<Warning>
Infisical offers Google SSO and GitHub SSO for free.
Infisical also offers SAML SSO authentication but as paid features that can be unlocked via enterprise license; if this is of interest, please contact team@infisical.com.
On this front, we currently support Okta, Azure AD, and JumpCloud and are expanding support for other IdPs in the coming months; stay tuned and feel free to request a IdP at this
[issue](https://github.com/Infisical/infisical/issues/442).
</Warning>
You can view specific documentation for how to set up each SSO authentication method below:
- [Google SSO](/documentation/platform/sso/google)
- [GitHub SSO](/documentation/platform/sso/github)
- [Okta SAML](/documentation/platform/sso/okta)
- [Azure SAML](/documentation/platform/sso/azure)
- [JumpCloud SAML](/documentation/platform/sso/jumpcloud)