Document the steps for using custom CA (#3338)
* docs: Document the steps for using custom CA
* chore: Trigger build
* Optimised images with calibre/image-actions
* chore: Fix image format
* docs: Add a note about HTTPS and TLS to the custom CA topic

---------

Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>
1 parent c35a088, commit 4f637d9
Showing 3 changed files with 61 additions and 1 deletion.
58 changes: 58 additions & 0 deletions
docs/docs-content/user-management/saml-sso/palette-sso-with-custom-ca.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
--- | ||
sidebar_label: "Palette SSO with Custom CA" | ||
title: "Enable SSO with a Custom Certificate Authority" | ||
description: "Learn how to set up Palette SSO with Microsoft Entra ID" | ||
hide_table_of_contents: false | ||
sidebar_position: 130 | ||
hiddenFromNav: false | ||
tags: ["user-management", "oidc-sso", "custom-ca", "rbac"] | ||
--- | ||
|
||
A custom Certificate Authority (CA) refers to a certificate authority that is not part of the standard public CA | ||
ecosystem but is instead managed internally within an organization. This guide explains how you can enable Palette SSO | ||
with a custom CA certificate. | ||
|
||
## Prerequisites | ||
|
||
:::info | ||
|
||
For an SSO provider to work correctly with Palette, you must enable HTTPS and configure TLS. | ||
|
||
::: | ||
|
||
- Palette account with Tenant Admin access. | ||
|
||
- Existing SSO configuration with an SSO provider supported in Palette. Refer to [SAML and OIDC SSO Setup](saml-sso.md) | ||
for links to provider-specific guides. | ||
|
||
- Custom CA x509 certificate in the Privacy-Enhanced Mail (PEM) format issued by the SSO provider configured in Palette. | ||
|
||
## Enable SSO with Custom CA | ||
|
||
1. Log in to [Palette](https://console.spectrocloud.com) as a Tenant Admin. | ||
|
||
2. From the left **Main Menu**, select **Tenant Settings**. | ||
|
||
3. From the **Tenant Menu**, select **SSO** and, on the **Configure** tab, under **SSO Auth type**, select **OIDC**. | ||
|
||
4. In the **Identity Provider CA Certificate** field, enter your custom CA x509 certificate in the PEM format. | ||
|
||
![Palette that displays the OIDC configuration under SSO settings in the Tenant Settings menu. The Custom CA Certification field is highlighted.](/user-management_saml-sso_palette-sso-with-custom-ca_enter-cert.webp) | ||
|
||
5. Optionally, select the **Insecure Skip TLS Verify** checkbox to skip the TLS verification. | ||
|
||
:::info | ||
|
||
You cannot skip TLS verification for Palette VerteX instances. With Palette VerteX, you must provide a valid custom | ||
CA certificate. | ||
|
||
::: | ||
|
||
6. At the bottom of the page, select **Enable** and, in the **Cluster Update Confirmation** modal, select **Continue** | ||
to confirm your changes. | ||
|
||
## Validate | ||
|
||
1. Log in to [Palette](https://console.spectrocloud.com) and follow the steps to sign in with your SSO provider. | ||
|
||
2. If you have successfully logged in to Palette, then the custom CA certificate works as expected. |
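
Review bot: Step 5 offers **Insecure Skip TLS Verify** as a plain option directly after step 4 has the user enter the CA certificate, without saying what is given up: with TLS verification skipped, the identity provider's certificate is not checked, so the custom CA from step 4 no longer protects the connection. Suggest stating that the checkbox is unnecessary once a valid CA certificate is entered and should be limited to troubleshooting, and noting in the Validate section that a successful login only shows the custom CA works if the checkbox was left unselected. Two smaller points: the front matter `description` reads "Learn how to set up Palette SSO with Microsoft Entra ID", which does not match this page's topic and should describe the custom CA setup; and the prerequisite "Custom CA x509 certificate ... issued by the SSO provider" is ambiguous about whether it means the CA certificate that signed the SSO provider's TLS certificate, so the wording should say which certificate is expected.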
Binary file added
BIN
+44 KB
...ic/assets/docs/images/user-management_saml-sso_palette-sso-with-custom-ca_enter-cert.webp
Binary file not shown.