You can set up users in Kontainer via SSO to create a secure and seamless experience for your internal users.
We have a standard setup for Microsoft Entra ID, ADFS and Google. Get in touch for other setups.
We create a “Trust” between your Active Directory groups (managed by your IT) and Kontainer. This means the user is automatically created and assigned to predetermined groups the first time they log in.
Like any other group in Kontainer, you can always change and manage access settings.
You can also assign extra rights to individual users. These are added to the basic permissions they inherit from their group membership.
To keep your user list manageable, you can define rules that deactivate or delete users who have not logged in for a certain amount of time, such as 2, 4 or 6 months. If a user logs in again after being auto-deleted, their user is simply reactivated.
Alongside SSO users, you can add other users and groups manually.
In the following, we will walk you through the setup of a Microsoft Entra ID SSO connection to Kontainer:
Azure/Entra ID App Registration
Step 1
On Entra ID services home, click “Entra ID Active Directory”
Step 2
In the right menu, click “App registrations”
Step 3
At the top, click “New registration”
Step 4
Fill in details:
- Name: Kontainer
- Redirect URI: https://xxx.kontainer.com/login/azure (replace xxx with your Kontainer client ID)
Step 5
Click “Authentication” and fill in details:
- Logout URL: https://xxx.kontainer.com/logout
Check the boxes:
- “ID tokens”
- “Multitenant”
Click “Save”
Step 6
Click “Certificates and secrets” and then “New client secret”.
Fill in:
- Description: Kontainer
Set “Expires” to “Never”
NOTE: Write down the secret.
Step 7
Click “Token configuration”, and then “Add optional claim”.
Select “ID” and check:
- “email”
- “upn”
Click “Add”.
Step 8
Click “Add groups claim” and check:
- “Security groups”
- “ID”
And then check:
- “Group ID”
Step 9
Go to “API permissions” and click “Add a permission”.
Choose “Microsoft Graph” and click “Delegated permissions”
Step 10
Scroll down to “GroupMember” and check:
- “GroupMember.Read.All”
Step 11
Permissions should now be as below.
You may need an administrator to grant consent for the permissions.
Step 12
Go to “Overview”, where you can find the details below to send to your Kontainer contact or support@kontainer.com:
- “Application (client) ID”
- “Directory (tenant) ID”
NOTE: Send the saved secret through a secure channel.
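To confirm that the registration issues the ID token the steps above configure, you can inspect the claims of a test sign-in. The following is an added example, not Kontainer's or Microsoft's code: it checks the audience and tenant (relevant because “Multitenant” is checked), the optional claims from Steps 7 and 8, and Entra ID's groups overage markers. The function names, the placeholder IDs and the sample tokens are constructed for illustration.

```python
import base64
import json

# Placeholders standing in for the two values from Step 12.
CLIENT_ID = "00000000-0000-0000-0000-0000000000aa"
TENANT_ID = "00000000-0000-0000-0000-0000000000bb"

def decode_payload(id_token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_claims(claims, client_id=CLIENT_ID, tenant_id=TENANT_ID):
    """Return findings; an empty list means the token matches Steps 4-8."""
    findings = []
    if claims.get("aud") != client_id:
        findings.append("aud is not the Application (client) ID")
    if claims.get("tid") != tenant_id:  # matters because "Multitenant" is checked
        findings.append("tid is not the Directory (tenant) ID")
    # Entra ID omits "groups" for users in too many groups and flags it instead.
    overage = "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups")
    for name in ("email", "upn", "groups"):  # claims added in Steps 7 and 8
        if name == "groups" and overage:
            findings.append("groups overage: read membership from Microsoft Graph")
        elif not claims.get(name):
            findings.append("missing claim: " + name)
    return findings

def make_sample(**overrides):
    """Build an unsigned token from constructed sample claims (not real data)."""
    claims = {"aud": CLIENT_ID, "tid": TENANT_ID, "email": "ada@example.com",
              "upn": "ada@example.com", "groups": ["11111111-1111-1111-1111-111111111111"]}
    claims.update(overrides)
    claims = {k: v for k, v in claims.items() if v is not None}
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])

if __name__ == "__main__":
    samples = {
        "as configured": make_sample(),
        "other tenant": make_sample(tid="00000000-0000-0000-0000-0000000000cc"),
        "groups overage": make_sample(groups=None, _claim_names={"groups": "src1"}),
    }
    for label, token in samples.items():
        print(label, "->", check_claims(decode_payload(token)) or "OK")
```

In the overage case the group list has to be fetched from Microsoft Graph, which is presumably what the delegated permission in Steps 9 and 10 is for. The relying party must still validate the token signature; this script only reads claims.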