Logging in with Username and Password
By default, you login to Konvoy with a credential given by konvoy up
. You can retrieve it later by using the command konvoy get ops-portal
.
These static credentials should only be used to access operations portal for configuring an external identity provider. Since there is no way of updating static credentials they should be treated as backup credentials and not used for normal access. Always login with your own identity from external identity providers that provide additional security features like Multi-Factor Authentication.
You can perform the following operations on Identity Providers:
Identity Providers
To provide simple access for the users of your organization, Identity Providers can be set up.
Currently, Kommander supports GitHub, LDAP, any standard SAML provider such as OneLogin, and any standard OIDC provider such as Google.
You can configure as many Identity Providers as you like and users will be able to select any of those methods when logging in.
Identity Providers
Limiting who has access:
- The Github provider allows to specify which orgs and teams are eligible for access.
Github Form
- The LDAP provider allows to configure search filters for either users or groups.
LDAP Form
- The OIDC provider cannot limit users based on identity.
OIDC Form
- The SAML provider allows users to log in using a single sign-on (SSO) profile.
SAML Form
Temporarily disabling a provider
Open the actions menu on the Identity Providers table and click Disable. The provider option will no longer appear on the login screen.
Identity Provider Table Row Action Menu
Groups
Access control groups are configured in the Groups tab of the Identity Providers page. Refer to Access Control for an overview of groups in Kommander.
Identity Provider Groups