Kontainer Helpdesk Kontainer Helpdesk

  • User Guides
  • Knowledge base
  • Support
Home / Integrations & Plugins, Users, Groups & Permissions / Establishing an SSO connection

Establishing an SSO connection

1295 views 0

You can set up users in Kontainer via SSO to create a secure and seamless experience for your internal users.

We have a standard setup for Microsoft Entra ID, ADFS and Google. Get in touch for other setups.

We create a ‘’Trust’’ between your Active Directory groups (managed by your IT) and Kontainer. This means the user will automatically be created and assigned to predetermined groups when they log in the first time.

Like any other group in Kontainer, you can always change and manage access settings.

You can also assign extra rights to individual users that are added to the basic permissions, they inherit from their group membership.

To keep your user list manageable, you can determine rules that will deactivate or delete users that have not been logged in for a certain amount of time – like 2, 4 or 6 months. If a user logs in again after being auto-deleted, their user is simply reactivated.

Alongside SSO users, you can add other users and groups manually.

In the following, we will walk you through the setup of a Microsoft Entra ID SSO connection to Kontainer:

 


 

Azure/Entra ID App Registration

 

 

Step 1

On Entra ID services home click ”Entra ID Active Directory”

 

 

 

Step 2

In the right menu, click ”App registrations”

 

 

 

 

 

Step 3

At the top, click “New registration”

 

 

 

 

Step 4

Fill in details:

  • Name: Kontainer
  • Redirect URI: https://xxx.kontainer.com/login/azure (replacing xxx with Kontainer client id)

 

 

 

 

Step 5

Click “Authentication” and fill in details:

  • Logout URL: https://xxx.kontainer.com/logout

Check the boxes

  • “ID tokens”
  • “Multitenant”

Click “Save”

 

 

 

 

Step 6

Click “Certificates and secrets” and then “New client secret”.

Fill in:

  • Description: Kontainer

Set “Expires” to “Never”

NOTE: Write down secret.

 

 

 

 

Step 7

Click “Token configuration”, and then “Add optional claim”.

Select “ID” and check

  • “email”
  • “upn”

Click “Add”.

 

 

 

 

Step 8

Click “Add groups claim” and check:

  • “Security groups“
  • “ID“

And then check:

  • “Group ID“

 

 

 

 

Step 9

Go to “API permissions” and click “Add a permission“.

Choose “Microsoft Graph” and click “Delegated permissions“

 

 

 

 

Step 10

Scroll down to “GroupMember” and check:

  • “GroupMember.Read.All”

 

 

 

Step 11

Permissions should now be as below.

Perhaps you will need an administrator to consent the permissions.

 

 

 

 

Step 12

Go to “Overview” where you can find the below details to send to your Kontainer contact or support@kontainer.com:

  • “Application (client) ID”
  • “Directory (tenant) ID”

NOTE: Send the saved secret in a safe way.

 

 


 

 

 

Integrations & PluginsUsers, Groups & Permissions

Related Articles

  • AI functions for DAM
  • Video streaming guide
  • Kontainer x Drupal – Plugin Guide
  • User Maintenance Guide

Follow us

Remote support

Book a support session here

For desktop sharing click here

Cookie & Privacy Policy

Please read our privacy policy

Click here

Copyright 2020 Kontainer All rights reserved.