Portainer OAuth2 Integration

This document explains how to implement Monosign with Portainer It covers Single Sign-On. Before you continue, it is better to start with Portainer ’s Single Sign-On con

📑 Instructions

This documentation contains 4 main steps for integration.

  1. Creating an Application on Monosign

  2. Configuration Single Sign-On for Portainer

  3. Assign a user to the Portainer app

  4. Sign In Test


1- Creating an Application on Monosign

Create your application on Monosign and configure your access policy. Once you create, click “Keys” and add a new Access Key for OAuth2 Key for access.

We will need this information while we configure the app.

CleanShot 2023-08-16 at 21.34.31@2x-20230816-183515.png
CleanShot 2023-09-01 at 09.24.57-20230901-062520.png

Property

Value

Options

Key Type

OAuth 2.0

Rest API, OAuth 2.0, JWT, OIDC/OpenID, SAML, RADIUS, Access Gateway, LDAP, AuthN/Z Server

Expiration

Lifetime

Lifetime or Specific Date/Time - By Default Lifetime is Enabled.

You are gonna see your configuration for your Portainer app as follows;

CleanShot 2023-09-01 at 09.26.13-20230901-062703.png

Your application need to have an access to groups. If you are configured it yet, you can Edit your application, and go to the “Source, Provider and Profile” tab, and configure User Group Access Type “Assigned Users and Defined Sources”. It means this application can access user’s group when they signed in.

CleanShot 2022-04-14 at 00.35.42@2x-20220414-043548.png

Property

Description

Options

User Access Type

Defines which Users will access to this application.

Only Assigned Users
All Users

User Group Access Type

Defines application’s user group access

Only Assigned Users
Assigned Users and Defined Sources
All Users

Profile Access Type

Defines Application’s user’s profile access

Restricted - Only restricted user profile attributes
All - All user profile attributes

2- Configuration Single Sign-On for Portainer

As we mentioned at the start, please check out the Portainer’s SSO configuration page first.

The following information is needed for your configuration page.

image-20240108-065634.png


Now, go back to Monosign and give access to your users and try login.

3- Assign a user to the Portainer app

I am gonna give permission to “john.smith” who is my user on Monosign.

You can find the details here how to user can be assign to the application.

CleanShot 2023-08-29 at 13.28.19@2x-20230829-102857.png
CleanShot 2023-08-29 at 13.29.20@2x-20230829-102926.png

4- Sign In Test

Now try login. Navigate to the Portainer app.

CleanShot 2023-09-01 at 09.45.11-20230901-064525.png

If everything is well configured, you will be redirected to Monosign’s login page. You can log in passwordless with your QR code or you can type your user name and password.

CleanShot 2023-09-01 at 09.46.14-20230901-064628.png


When you logged, you are gonna be redirected to the Portainer as which role assigned previous steps.