yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-07-09 01:58:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v0.13.3/deployment/security/auth0/index.md
Sriharsha Chintalapani 6ca1ec6fbe
Delete old docs (#11627) 
* Delete old docs and rename the openmetadata-docs-v1 to openmetadata-docs

* Delete old docs and rename the openmetadata-docs-v1 to openmetadata-docs

* Delete old docs and rename the openmetadata-docs-v1 to openmetadata-docs
2023-05-17 07:04:56 +02:00

5.6 KiB
Raw Blame History

title slug
Auth0 SSO /deployment/security/auth0

Auth0 SSO

Follow the sections in this guide to set up Auth0 SSO.

{% note %}

Security requirements for your production environment:

  • DELETE the admin default account shipped by OM in case you had Basic Authentication enabled before configuring the authentication with Auth0 SSO.
  • UPDATE the Private / Public keys used for the JWT Tokens. The keys we provide by default are aimed only for quickstart and testing purposes. They should NEVER be used in a production installation.

{% /note %}

Create Server Credentials

Step 1: Create the Account

  • If you don't have an account, Sign up to create one.
  • Select the Account Type, i.e., Company or Personal
  • Click I need advanced settings and click next.

{% image src="/images/v0.13.3/deployment/security/auth0/create-account-1.png" alt="create-account" /%}

  • Provide the Tenant Domain, select the region and click on Create Account.

{% image src="/images/v0.13.3/deployment/security/auth0/create-account-2.png" alt="create-account" /%}

  • Once done, you will land on the dashboard page.

{% image src="/images/v0.13.3/deployment/security/auth0/create-account-3.png" alt="create-account" /%}

Step 2: Create a New Application

  • Once you are on the Dashboard page, click on Applications > Applications available on the left-hand side panel.

{% image src="/images/v0.13.3/deployment/security/auth0/create-new-app-1.png" alt="create-app" /%}

  • Click on Create Application.

{% image src="/images/v0.13.3/deployment/security/auth0/create-new-app-2.png" alt="create-app" /%}

  • Enter the Application name.
  • Choose an application type and click on Create.

{% image src="/images/v0.13.3/deployment/security/auth0/create-new-app-3.png" alt="create-app" /%}

Step 3: Where to Find the Credentials

  • Navigate to the Settings tab.
  • You will find your Client ID, Client Secret and Domain.

{% image src="/images/v0.13.3/deployment/security/auth0/credentials.png" alt="credentials" /%}

Create Service Account (optional)

This is a guide to create ingestion bot service account. This step is optional if you configure the ingestion-bot with the JWT Token, you can follow the documentation of Enable JWT Tokens.

Step 1: Enable Client-Credential

  • Go to your project dashboard.

{% image src="/images/v0.13.3/deployment/security/auth0/enable-client-credential-1.png" alt="client" /%}

  • Navigate to Applications > Applications

{% image src="/images/v0.13.3/deployment/security/auth0/enable-client-credential-2.png" alt="client" /%}

  • Select your application from the list.

{% image src="/images/v0.13.3/deployment/security/auth0/enable-client-credential-3.png" alt="client" /%}

  • Once selected, scroll down until you see the Application Properties section.
  • Change the Token Endpoint Authentication Method from None to Basic.

{% image src="/images/v0.13.3/deployment/security/auth0/enable-client-credential-4.png" alt="client" /%}

  • Now scroll further down to the section on Advanced Settings.
  • Click on it and select Grant Types.
  • In the Grant Types, check the option for Client Credentials.

{% image src="/images/v0.13.3/deployment/security/auth0/enable-client-credential-5.png" alt="client" /%}

  • Once done, click on Save Changes.

Step 2: Authorize the API with our Application.

  • Navigate to Applications > APIs from the left menu.

{% image src="/images/v0.13.3/deployment/security/auth0/authorize-api-1.png" alt="auth" /%}

  • You will see the Auth0 Management API.

{% image src="/images/v0.13.3/deployment/security/auth0/authorize-api-2.png" alt="auth" /%}

  • Click on the Auth0 Management API.

{% image src="/images/v0.13.3/deployment/security/auth0/authorize-api-3.png" alt="auth" /%}

  • Click on the Machine to Machine Applications tab.
  • You will find your application listed below.

{% image src="/images/v0.13.3/deployment/security/auth0/authorize-api-4.png" alt="auth" /%}

  • Click on the toggle to authorize.
  • Once done you will find a down arrow, click on it.

{% image src="/images/v0.13.3/deployment/security/auth0/authorize-api-5.png" alt="auth" /%}

  • Select the permissions (scopes) that should be granted to the client.
  • Click on Update.

{% image src="/images/v0.13.3/deployment/security/auth0/authorize-api-6.png" alt="auth" /%}

After the applying these steps, you can update the configuration of your deployment:

{%inlineCalloutContainer%}

{%inlineCallout icon="celebration" bold="Docker Security" href="/deployment/security/auth0/docker" %} Configure Auth0 SSO for your Docker Deployment. {%/inlineCallout%}

{%inlineCallout icon="storage" bold="Bare Metal Security" href="/deployment/security/auth0/bare-metal" %} Configure Auth0 SSO for your Bare Metal Deployment. {%/inlineCallout%}

{%inlineCallout icon="fit_screen" bold="Kubernetes Security" href="/deployment/security/auth0/kubernetes" %} Configure Auth0 SSO for your Kubernetes Deployment. {%/inlineCallout%}

{%/inlineCalloutContainer%}

Configure Ingestion

After everything has been set up, you will need to configure your workflows if you are running them via the metadata CLI or with any custom scheduler.

When setting up the YAML config for the connector, update the workflowConfig as follows:

workflowConfig:
  openMetadataServerConfig:
    hostPort: "http://localhost:8585/api"
    authProvider: auth0
    securityConfig:
      clientId: "{your_client_id}"
      secretKey: "{your_client_secret}"
      domain: "{your_domain}"