
Harbor OIDC Integration

📑 Instructions

This document explains how to integrate Monosign with Harbor for Single Sign-On. Before you continue, it is best to start with Harbor's Single Sign-On page.

This documentation contains 4 main steps for integration.

  1. Creating an Application on Monosign

  2. Configuring Single Sign-On for Harbor

  3. Assign a user to the Harbor application

  4. Sign In Test

1- Creating an Application on Monosign

Create an application on Monosign and configure your access policy. Once it is created, click “Keys” and add a new Access Key with the OIDC/OpenID key type.

This information will be necessary during the configuration of the application.

| Property | Value | Options |
|---|---|---|
| Key Type | OIDC/OpenID | Rest API, OAuth 2.0, JWT, OIDC/OpenID, SAML, RADIUS, Access Gateway, LDAP, AuthN/Z Server |
| Expiration | Lifetime | Lifetime or Specific Date/Time. Lifetime is enabled by default. |

Configuration details for the Harbor application are provided as follows:


Change or add the values below in the properties.

| Property | Value |
|---|---|
| UserName Format | Monosign UserName |
| Scope | openid, profile, email, offline_access |
| Additional Claims - UserName | {{UserName}} |
| Enable Group Mapping | Yes |
| Group Mapping Attribute | Groups |
| Group Mapping Format | {{Name}} |

To ensure that the application has access to user groups, follow these steps:

  1. If the application hasn't been configured yet, click the “Edit” option for the application.

  2. In the application settings, navigate to the “Source, Provider, and Profile” tab.

  3. Configure the “User Access Type” and “User Group Access Type” as “Only Assigned Users.”

This setting allows the application to access user groups when users sign in.

| Property | Description | Options |
|---|---|---|
| User Access Type | Defines which users can access this application. | Only Assigned Users; All Users |
| User Group Access Type | Defines the application's user group access. | Only Assigned Users; Assigned Users and Defined Sources; All Users |
| Profile Access Type | Defines the application's access to user profiles. | Restricted - Only restricted user profile attributes; All - All user profile attributes |

2- Configuring Single Sign-On for Harbor

As highlighted at the beginning of this document, please check Harbor's SSO configuration page first.

Add your OIDC/OAuth 2.0 settings to the application. The following information is needed for your configuration.

Go to the Harbor Admin page. Open Configuration → Authentication and choose OIDC.


Add the values below in the properties.

| Property | Value |
|---|---|
| OIDC Provider Name | Monosign |
| OIDC Endpoint | https://account.monofor.com |
| OIDC Client ID | 65cd9a63-15d3-42d0-9309-604a4fdcb547 |
| OIDC Client Secret | f765fe93-f8d5-45ef-8ce8-23c1d1b1e36e |
| Group Claim Name | Groups |
| OIDC Admin Group | To give admin rights to a specific group, type its name here |
| OIDC Scope | openid,profile,email,offline_access |
| Automatic onboarding | Yes |
| Username Claim | UserName |

Click SAVE to apply the OIDC configuration on Harbor, then click TEST OIDC SERVER. If the configuration is successful, a success message is shown.


Now, go back to Monosign, give your users access, and try to log in.
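
The following pre-flight check is an added example, not Monosign or Harbor code: it decodes an ID token payload and compares it, together with the provider's discovery metadata, against the Harbor settings in the table above. The sample tokens, the discovery document, the issuer value and the group name harbor-admins are constructed for illustration.

```python
import base64
import json

# Values from the Harbor configuration table on this page.
HARBOR = {"endpoint": "https://account.monofor.com", "user_claim": "UserName",
          "groups_claim": "Groups", "scope": "openid,profile,email,offline_access"}

def jwt_claims(token):
    """Decode a JWT payload for inspection only (no signature verification)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(discovery, claims, cfg=HARBOR):
    """Return mismatches between what the IdP emits and what Harbor is set to read."""
    problems = []
    # OIDC Discovery: issuer must be identical to the URL the metadata was fetched from.
    if discovery.get("issuer") != cfg["endpoint"]:
        problems.append("discovery issuer differs from OIDC Endpoint")
    if claims.get("iss") != discovery.get("issuer"):
        problems.append("token iss differs from discovery issuer")
    advertised = discovery.get("scopes_supported")  # optional in discovery metadata
    if advertised is not None:
        for scope in sorted(set(cfg["scope"].split(",")) - set(advertised)):
            problems.append(f"scope not advertised: {scope}")
    # Claim names are case-sensitive JSON keys: "Groups" is not "groups".
    for key in (cfg["user_claim"], cfg["groups_claim"]):
        if key not in claims:
            near = [k for k in claims if k.lower() == key.lower()]
            problems.append(f"claim {key} missing" + (f", found {near[0]}" if near else ""))
    # Assumption of this example: the group claim is a JSON array of group names.
    groups = claims.get(cfg["groups_claim"])
    if groups is not None and not isinstance(groups, list):
        problems.append(f"claim {cfg['groups_claim']} is not a list")
    return problems

def make_token(claims):
    """Build an unsigned sample token (constructed test data, not a Monosign token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."

# Constructed sample data; the issuer value is assumed to equal the endpoint.
DISCOVERY = {"issuer": "https://account.monofor.com",
             "scopes_supported": ["openid", "profile", "email", "offline_access"]}
GOOD = make_token({"iss": "https://account.monofor.com", "UserName": "john.smith",
                   "Groups": ["harbor-admins"]})
BAD = make_token({"iss": "https://account.monofor.com/", "UserName": "john.smith",
                  "groups": "harbor-admins"})
print(preflight(DISCOVERY, jwt_claims(BAD)))
```

An empty list means the token carries every claim Harbor is configured to read; each entry otherwise names the setting to recheck on the Monosign or Harbor side.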

3- Assign a user to the Harbor application

Please follow the instructions below to assign a user to the Harbor application. In this example, john.smith will be assigned access to the application.

4- Sign In Test

Now try to log in. Navigate to the Harbor application login page.


Click the LOGIN WITH MONOSIGN button.

If everything is configured correctly, the page is redirected to Monosign’s login page. The user can log in passwordless with a QR code or by typing a username and password.


Once the user has logged in, the page is redirected to the Harbor page.
