6fcdf803e6
* Prepare Docs V1 structure * Point to the v1.0.0 images dir * Use the same ssh key * Use new key * Add connectors icons * Update images
5.4 KiB
| title | slug |
|---|---|
| Auth0 SSO | /deployment/security/auth0 |
Auth0 SSO
Follow the sections in this guide to set up Auth0 SSO.
Security requirements for your production environment:
- DELETE the admin default account shipped by OM in case you had Basic Authentication enabled before configuring the authentication with Auth0 SSO.
- UPDATE the Private / Public keys used for the JWT Tokens. The keys we provide by default are aimed only for quickstart and testing purposes. They should NEVER be used in a production installation.
Create Server Credentials
Step 1: Create the Account
- If you don't have an account, Sign up to create one.
- Select the Account Type, i.e., Company or Personal
- Click I need advanced settings and click next.
- Provide the Tenant Domain, select the region and click on Create Account.
- Once done, you will land on the dashboard page.
Step 2: Create a New Application
- Once you are on the Dashboard page, click on
Applications > Applicationsavailable on the left-hand side panel.
- Click on
Create Application.
- Enter the Application name.
- Choose an application type and click on
Create.
Step 3: Where to Find the Credentials
- Navigate to the Settings tab.
- You will find your
Client ID,Client SecretandDomain.
Create Service Account (optional)
This is a guide to create ingestion bot service account. This step is optional if you configure the ingestion-bot with the JWT Token, you can follow the documentation of Enable JWT Tokens.
Step 1: Enable Client-Credential
- Go to your project dashboard.
- Navigate to
Applications > Applications
- Select your application from the list.
- Once selected, scroll down until you see the
Application Propertiessection. - Change the Token Endpoint
Authentication MethodfromNonetoBasic.
- Now scroll further down to the section on
Advanced Settings. - Click on it and select
Grant Types. - In the
Grant Types, check the option forClient Credentials.
- Once done, click on
Save Changes.
Step 2: Authorize the API with our Application.
- Navigate to
Applications > APIsfrom the left menu.
- You will see the
Auth0 Management API.
- Click on the
Auth0 Management API.
- Click on the
Machine to Machine Applicationstab. - You will find your application listed below.
- Click on the toggle to authorize.
- Once done you will find a down arrow, click on it.
- Select the permissions (scopes) that should be granted to the client.
- Click on
Update.
After the applying these steps, you can update the configuration of your deployment:
{%inlineCalloutContainer%}
{%inlineCallout icon="celebration" bold="Docker Security" href="/deployment/security/auth0/docker" %} Configure Auth0 SSO for your Docker Deployment. {%/inlineCallout%}
{%inlineCallout icon="storage" bold="Bare Metal Security" href="/deployment/security/auth0/bare-metal" %} Configure Auth0 SSO for your Bare Metal Deployment. {%/inlineCallout%}
{%inlineCallout icon="fit_screen" bold="Kubernetes Security" href="/deployment/security/auth0/kubernetes" %} Configure Auth0 SSO for your Kubernetes Deployment. {%/inlineCallout%}
{%/inlineCalloutContainer%}
Configure Ingestion
After everything has been set up, you will need to configure your workflows if you are running them via the
metadata CLI or with any custom scheduler.
When setting up the YAML config for the connector, update the workflowConfig as follows:
workflowConfig:
openMetadataServerConfig:
hostPort: "http://localhost:8585/api"
authProvider: auth0
securityConfig:
clientId: "{your_client_id}"
secretKey: "{your_client_secret}"
domain: "{your_domain}"