This guide explains how to integrate Authentik SSO with Portainer using OAuth2/OpenID.
Before we start, I assume you have a Portainer installation and an Authentik installation ready.
For Authentik, you can follow my other guide.
Prerequisites
- Portainer Installation
portainer.example.com
- Authentik Installation
sso.example.com
Create OAuth2/OpenID Provider On Authentik
Log in to your Authentik installation and go to the admin dashboard. Under Providers, create an OAuth2/OpenID Provider with these settings:
Protocol Settings
- Name:
Portainer
- Client ID: Copy and save this for later
- Client Secret: Copy and save this for later
- Redirect URIs/Origins:
https://portainer.example.com
Create Portainer Application On Authentik
Go to the Applications tab and create an application that uses this provider. Optionally, apply access restrictions to the application using policy bindings.
- Name:
Portainer
- Slug:
portainer
- Provider:
Portainer
- Launch URL:
https://portainer.example.com
Now let's make changes in Portainer.
Configure OAuth2/OpenID in Portainer
Under the Settings tab, Authentication, select OAuth and Custom.
Enter the details below.
- Client ID: Client ID from step 1
- Client Secret: Client Secret from step 1
- Authorization URL:
https://auth.example.com/application/o/authorize/
- Access Token URL:
https://auth.example.com/application/o/token/
- Redirect URL:
https://portainer.example.com
- Resource URL:
https://auth.example.com/application/o/userinfo/
- Logout URL:
https://auth.example.com/application/o/portainer/end-session/
- User Identifier:
email
- Scopes:
email openid profile
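The settings above can be sanity-checked before saving. The following is an added example, not part of the original guide or of Portainer or Authentik: `check_oauth_settings` is a hypothetical helper, and it assumes the provider compares redirect URIs as exact strings.

```python
from urllib.parse import urlsplit

# OIDC claim -> scope that releases it (OpenID Connect Core 1.0, section 5.4).
CLAIM_SCOPE = {"sub": "openid", "email": "email",
               "preferred_username": "profile", "name": "profile"}
IDP_KEYS = ("authorization_url", "access_token_url", "resource_url", "logout_url")


def check_oauth_settings(cfg, registered_redirects, app_slug):
    """Return a list of problems in Portainer custom-OAuth settings (empty = OK)."""
    problems = []
    for key in IDP_KEYS + ("redirect_url",):
        parts = urlsplit(cfg[key])
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key}: not an absolute https URL")
    # All identity-provider endpoints should live on the same Authentik host.
    if len({urlsplit(cfg[k]).hostname for k in IDP_KEYS}) > 1:
        problems.append("endpoints: IdP URLs point at different hosts")
    # Assumption: the provider compares redirect URIs as exact strings.
    if cfg["redirect_url"] not in registered_redirects:
        problems.append("redirect_url: not registered on the provider")
    # The end-session URL is per application, so it must carry the slug.
    if f"/application/o/{app_slug}/end-session/" not in cfg["logout_url"]:
        problems.append("logout_url: does not contain the application slug")
    scopes = cfg["scopes"].split()
    if "openid" not in scopes:
        problems.append("scopes: 'openid' is missing")
    needed = CLAIM_SCOPE.get(cfg["user_identifier"])
    if needed and needed not in scopes:
        problems.append(f"scopes: '{needed}' is needed for the user identifier")
    return problems


# Values from this guide (example.com hostnames are the guide's placeholders).
GUIDE_CFG = {
    "authorization_url": "https://auth.example.com/application/o/authorize/",
    "access_token_url": "https://auth.example.com/application/o/token/",
    "resource_url": "https://auth.example.com/application/o/userinfo/",
    "logout_url": "https://auth.example.com/application/o/portainer/end-session/",
    "redirect_url": "https://portainer.example.com",
    "user_identifier": "email",
    "scopes": "email openid profile",
}
# Constructed broken variant: plain-http redirect and no 'email' scope.
BROKEN_CFG = {**GUIDE_CFG, "redirect_url": "http://portainer.example.com",
              "scopes": "openid profile"}

if __name__ == "__main__":
    for name, cfg in (("guide", GUIDE_CFG), ("broken", BROKEN_CFG)):
        found = check_oauth_settings(cfg, ["https://portainer.example.com"], "portainer")
        print(name, found or "OK")
```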
Once you save the settings, move to the Users section and create a user with the username set to the email ID. Make sure this user is present in Authentik. If you want the user to be an admin, enable the same.
Test the Setup
Log out of the Portainer application and access https://portainer.example.com. You will see an option to log in with OAuth2/OpenID.
Now you have Portainer with Authentik OAuth.