$ oc -n stackrox set env deploy/central ROX_ENABLE_OPENSHIFT_AUTH=true
OpenShift Container Platform includes a built-in OAuth server that you can use as an authentication provider for Red Hat Advanced Cluster Security for Kubernetes (RHACS).
To integrate the built-in OpenShift Container Platform OAuth server as an identity provider for Red Hat Advanced Cluster Security for Kubernetes (RHACS) use the instructions in this section.
You must have the AuthProvider
permission to configure identity providers in RHACS.
You must have already configured users and groups in OpenShift Container Platform OAuth server.
On the RHACS portal, navigate to Platform Configuration → Access Control.
Open the Add an Auth Provider menu and select OpenShift Auth.
Enter a name for the authentication provider in the Name field.
Choose a Minimum access role for users accessing RHACS by using the selected identity provider.
For security, Red Hat recommends setting the Minimum access role to None while you complete setup. Later, you can return to the Access Control page to set up more tailored access rules based on user metadata from your identity provider. |
To add access rules for users and groups accessing RHACS, use the Rules section. For example, to give the Admin role to a user called administrator
, select user as Key, administrator as Value, and Admin as the Role. Use Add new rule to add more rules.
Click Save.
|