This document explains how to integrate Monosign with Portainer. It covers Single Sign-On. Before you continue, it is better to start with Portainer’s Single Sign-On con
This documentation contains 4 main steps for integration.
Creating an Application on Monosign
Configuring Single Sign-On for Portainer
Assign a user to the Portainer app
Sign In Test
1- Creating an Application on Monosign
Create your application on Monosign and configure your access policy. Once you have created it, click “Keys” and add a new OAuth2 Access Key.
We will need this information while we configure the app.
Rest API, OAuth 2.0, JWT, OIDC/OpenID, SAML, RADIUS, Access Gateway, LDAP, AuthN/Z Server
Lifetime or Specific Date/Time - By Default Lifetime is Enabled.
You will see the configuration for your Portainer app as follows:
Your application needs access to groups. If you have not configured this yet, edit your application, go to the “Source, Provider and Profile” tab, and set User Group Access Type to “Assigned Users and Defined Sources”. This means the application can access a user’s groups when they sign in.
User Access Type
Defines which users can access this application.
Only Assigned Users
User Group Access Type
Defines the application’s user group access.
Only Assigned Users
Profile Access Type
Defines the application’s access to user profiles.
Restricted - Only restricted user profile attributes
2- Configuring Single Sign-On for Portainer
As mentioned at the start, please check Portainer’s SSO configuration page first.
The following information is needed for your configuration page.
Now go back to Monosign, give access to your users, and try to log in.
3- Assign a user to the Portainer app
I am going to give permission to “john.smith”, who is my user on Monosign.
You can find the details of how a user can be assigned to the application here.
4- Sign In Test
Now try to log in. Navigate to the Portainer app.
If everything is configured correctly, you will be redirected to Monosign’s login page. You can log in passwordless with your QR code, or you can type your user name and password.
Once you have logged in, you will be redirected to Portainer with the role assigned in the previous steps.