Jama Connect User Guide

Configure Federated Authentication for KOTS Admin Console

By default, you can log in to the KOTS Admin Console with a shared password. To improve security, configure federated authentication so that KOTS admin authentication is managed by your Identity Provider.

Requirements
  • You must have the KOTS software installed.

  • Identity Service must be enabled by Jama Software Support for your Replicated license.

  • You must have an Identity Provider that is compatible with OpenID.

Important considerations
  • When you enable identity provider access to the KOTS Admin Console, shared password authentication is disabled. To reset authentication and reenable shared password authentication:

    kubectl kots identity-service enable-shared-password --namespace default 

To configure Federated Authentication:

  1. Update the KOTS license if Support enabled Identity Service for your license. (See "Update the KOTS license" in the Jama Connect 9.17.x User Guide.)

  2. Connect KOTS Admin Console to the Identity Provider.

    1. Log in to the KOTS Admin Console, then select the Access tab.

    2. In the Configure Identity Provider section:

      • Verify that the Admin Console URL matches the URL for your KOTS Admin Console.

      • Connector name — Enter a name that works best for your team.

      • Issuer — Enter the Issuer or OpenID Configuration URL from your IdP application.

      • Client ID and Client secret — Enter the Client ID and Client Secret from your IdP application.

    3. Select the Access tab to expand the Advanced options menu, complete the following, then select Save provider settings:

      • Scopes — Enter the OpenID, profile, and email scopes.

      • Skip email verification — Enable or disable this option based on your organization's needs and IdP support.

      • Remaining fields — Use the default values.

    4. Select Logout.

    You are redirected to a new login screen, where you can log in to Jama Connect. If a "Failed to attempt login" error appears, see Troubleshooting KOTS errors.
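
A preflight check for the values entered in step 2, as an added example that is not part of the Jama Connect guide: it inspects an IdP's OpenID discovery document for an exact issuer match, HTTPS endpoints, the three scopes, and whether email_verified is advertised. The hostname and discovery document are constructed samples, and treating a missing email_verified entry as a reason to review "Skip email verification" is an assumption.

```python
import json
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "profile", "email"}  # scopes named in step 3
WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample discovery document (idp.example.com is a placeholder).
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example.com/realms/eng",
  "authorization_endpoint": "https://idp.example.com/realms/eng/auth",
  "token_endpoint": "https://idp.example.com/realms/eng/token",
  "jwks_uri": "https://idp.example.com/realms/eng/certs",
  "scopes_supported": ["openid", "profile", "offline_access"],
  "claims_supported": ["sub", "name", "email"]
}
""")

def preflight(entered_issuer, discovery):
    """Return a list of findings; an empty list means no problems found."""
    findings = []
    # The Issuer field takes either form; reduce both to the bare issuer.
    issuer = entered_issuer.strip()
    if issuer.endswith(WELL_KNOWN):
        issuer = issuer[: -len(WELL_KNOWN)]
    # OIDC Discovery requires an exact string match, trailing slash included.
    if discovery.get("issuer") != issuer:
        findings.append(f"issuer mismatch: entered {issuer!r}, "
                        f"IdP reports {discovery.get('issuer')!r}")
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(key, "")).scheme != "https":
            findings.append(f"{key} is missing or not https")
    scopes = discovery.get("scopes_supported")
    if scopes is None:
        findings.append("scopes_supported not advertised; confirm scopes in the IdP application")
    else:
        for scope in sorted(REQUIRED_SCOPES - set(scopes)):
            findings.append(f"scope not advertised: {scope}")
    # Assumption: an IdP that does not list email_verified may not send it,
    # which is the case to weigh when setting 'Skip email verification'.
    if "email_verified" not in discovery.get("claims_supported", []):
        findings.append("email_verified claim not advertised; review 'Skip email verification'")
    return findings

if __name__ == "__main__":
    for finding in preflight("https://idp.example.com/realms/eng/", SAMPLE_DISCOVERY):
        print("WARN", finding)
```

To check a real IdP, save its discovery document to a file and pass the parsed JSON to `preflight` together with the value you plan to enter in the Issuer field.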