Chainloop delegates authentication to an OpenID Connect (OIDC) compatible Identity Provider (IdP) such as Google, GitHub, Auth0 or Azure Active Directory.
This guide will show you how to configure your Chainloop instance to run authentication over Azure Active Directory.
The process comprises two steps:
- Register a new App in your Azure Active Directory tenant
- Configure Chainloop deployment with the new OIDC settings
Register a new App
In your Azure console go to App registrations and click on New registration.
Enter a descriptive name and your custom callback URL, which should point to your instance of the Chainloop control plane.
Once done, take note of the generated Application (client) ID and the tenant ID.
Next, create a new client secret by clicking on "Certificate & secrets" > "New client secret".
Once done, copy the generated "value", which will be used as the clientSecret in the next step.
Configure Chainloop deployment
As explained in the deployment guide, OpenID Connect configuration is done using the
auth.oidc section of the
Use the ClientID, Secret and URL from the previous step to configure the OIDC backend as shown below
Then deploy your Chainloop Control Plane with the updated values for the change to take effect.
Finally, give it a try by running chainloop auth login and that's all! Your Chainloop users are now authenticated against your Active Directory tenant.
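A mismatched issuer URL is a common reason an OIDC login fails after a change like this, so it is worth checking the tenant's discovery metadata before deploying. The following is an added example, not part of the Chainloop documentation or code: it assumes the OIDC URL is the Azure AD v2.0 issuer for your tenant, and the function names, tenant ID and sample metadata are constructed for illustration.

```python
import json
import re
import urllib.request

# Assumption: the OIDC URL given to Chainloop is the tenant's Azure AD v2.0 issuer.
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tenant}/v2.0"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def expected_issuer(tenant_id):
    """Build the issuer URL for a tenant ID as noted from the app registration."""
    if not GUID.match(tenant_id):
        raise ValueError("tenant ID must be the directory GUID")
    return ISSUER_TEMPLATE.format(tenant=tenant_id.lower())


def fetch_discovery(issuer_url):
    """Download the provider metadata (needs network access; not used by the sample)."""
    url = issuer_url.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def check_discovery(doc, tenant_id):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    want = expected_issuer(tenant_id)
    # OIDC Discovery requires the advertised issuer to equal the configured URL,
    # and clients compare the ID token "iss" claim against it.
    if doc.get("issuer") != want:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {want!r}")
    for key in ENDPOINT_KEYS:
        value = doc.get(key, "")
        if not value.startswith("https://"):
            problems.append(f"{key} missing or not HTTPS: {value!r}")
    return problems


# Constructed sample metadata for a constructed tenant ID (not real values).
TENANT = "11111111-2222-3333-4444-555555555555"
BASE = f"https://login.microsoftonline.com/{TENANT}"
SAMPLE = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE, TENANT) or "OIDC settings look consistent")
```

Against a live tenant, pass the result of fetch_discovery(expected_issuer(tenant_id)) to check_discovery instead of the sample.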