This is a cache of https://docs.openshift.com/rosa/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-idp.html. It is a snapshot of the page at 2024-11-27T03:02:54.570+0000.
Setting up an identity provider - Getting started with ROSA | Tutorials | Red Hat OpenShift Service on AWS

To log in to your cluster, set up an identity provider (IDP). This tutorial uses GitHub as an example IDP. See the full list of IDPs supported by ROSA.

  • To view all IDP options, run the following command:

    rosa create idp --help

Setting up an IDP with GitHub

  1. Log in to your GitHub account.

  2. Create a new GitHub organization where you are an administrator.

    If you are already an administrator in an existing organization and you want to use that organization, skip to step 9.

    Click the + icon, then click New Organization.

  3. Choose the most applicable plan for your situation or click Join for free.

  4. Enter an organization account name, an email, and whether it is a personal or business account. Then, click Next.

  5. Optional: Add the GitHub IDs of other users to grant additional access to your ROSA cluster. You can also add them later.

  6. Click Complete Setup.

  7. Optional: Enter the requested information on the following page.

  8. Click Submit.

  9. Go back to the terminal and enter the following command to set up the GitHub IDP:

    rosa create idp --cluster=<cluster name> --interactive
  10. Enter the following values:

    Type of identity provider: github
    Identity Provider Name: <IDP-name>
    Restrict to members of: organizations
    GitHub organizations: <organization-account-name>
  11. The CLI will provide you with a link. Copy and paste the link into a browser and press Enter. This fills in the information required to register this application for OAuth. You do not need to modify any of the information.

  12. Click Register application.

  13. The next page displays a Client ID. Copy the ID and paste it in the terminal where it asks for Client ID.

    Do not close the tab.

  14. The CLI will ask for a Client Secret. Go back in your browser and click Generate a new client secret.

  15. A secret is generated for you. Copy your secret because it will never be visible again.

  16. Paste your secret into the terminal and press Enter.

  17. Leave GitHub Enterprise Hostname blank.

  18. Select claim.

  19. Wait approximately 1 minute for the IDP to be created and the configuration to land on your cluster.

  20. Copy the returned link and paste it into your browser. The new IDP should be available under your chosen name. Click your IDP and use your GitHub credentials to access the cluster.
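
Steps 9 to 18 can also be run as one non-interactive command, shown here as an added example that is not part of the original tutorial. It assumes the GitHub OAuth application is already registered and its Client ID and Client Secret are at hand; the script name and the name check are this example's own choices.

```bash
#!/usr/bin/env bash
# Added example, not from the ROSA documentation. Cluster, IDP and organization
# names are supplied by the caller; nothing here is a real credential.

# Conservative check chosen for this script: letters, digits and hyphens only,
# so stray whitespace or a typo never ends up in the organization restriction.
valid_name() {
  case "$1" in
    '' | *[!A-Za-z0-9-]*) return 1 ;;
  esac
}

# Print the non-secret arguments one per line so they can be reviewed or logged.
# usage: idp_args <cluster-name> <idp-name> <github-organization>
idp_args() {
  if [ "$#" -ne 3 ]; then
    echo "usage: $0 <cluster-name> <idp-name> <github-organization>" >&2
    return 1
  fi
  for v in "$@"; do
    valid_name "$v" || { echo "invalid value: '$v'" >&2; return 1; }
  done
  printf '%s\n' "--cluster=$1" "--type=github" "--name=$2" \
    "--organizations=$3" "--mapping-method=claim"
}

create_github_idp() {
  args=$(idp_args "$@") || return 1
  printf 'Client ID: ' >&2
  read -r client_id
  printf 'Client Secret (input hidden): ' >&2
  read -rs client_secret
  echo >&2
  # The secret stays out of shell history and off the screen, but it is part
  # of the rosa process arguments while the command runs.
  # $args is split on purpose: every token was validated above.
  rosa create idp $args --client-id="$client_id" --client-secret="$client_secret"
  status=$?
  unset client_secret
  [ "$status" -eq 0 ] || return "$status"
  rosa list idps --cluster="$1"   # confirm the IDP is now listed
}

# Runs only when arguments are given, e.g.:
#   ./create-github-idp.sh <cluster-name> <IDP-name> <organization-account-name>
if [ "$#" -gt 0 ]; then
  create_github_idp "$@"
fi
```

The GitHub Enterprise hostname is omitted, matching step 17, and the organization restriction from step 10 is always passed.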


Granting other users access to the cluster

To grant access to other cluster users, add their GitHub user IDs to the GitHub organization used for this cluster.

  1. In GitHub, go to the Your organizations page.

  2. Click your profile icon, then Your organizations. Then click <your-organization-name>. In our example, it is my-rosa-cluster.

  3. Click Invite someone.

  4. Enter the GitHub ID of the new user, select the correct user, and click Invite.

  5. Once the new user accepts the invitation, they will be able to log in to the ROSA cluster using the Hybrid Cloud Console link and their GitHub credentials.