docs-v2/manage/identity-providers/add-an-idp.mdx
2026-01-22 21:46:06 -08:00

---
title: "Add Identity Providers"
description: "Configure external identity providers for user authentication to resources and the organization"
---
Identity providers allow your users to log into Pangolin and Pangolin resources using their existing accounts from external identity systems like Google, Microsoft Azure, or Okta. Instead of creating separate Pangolin accounts, users can authenticate with their familiar work or personal credentials.
Here is an example using Microsoft Azure Entra ID as SSO for Pangolin:
<iframe
className="w-full aspect-video rounded-xl mb-10"
src="https://www.youtube.com/embed/41OWI8uHPZg?si=VYGGAerzsIDe6wUx"
title="YouTube video player"
frameBorder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowFullScreen
></iframe>
**This feature is for you if:**
- Your organization already uses an identity provider like Google Workspace, Microsoft Entra ID, Okta, or similar systems
- You want to centralize user management and avoid maintaining separate Pangolin accounts
- You need to control who can access Pangolin resources through your existing user directory
- You want users to access Pangolin using their existing credentials without creating new passwords
<Frame>
<img src="/images/create-idp.png" />
</Frame>
## Identity Provider Types
### Organization Identity Providers
Organization identity providers are configured per organization and apply only to that organization. Each org can have its own identity providers, so each organization can choose the authentication methods that suit its needs.
<Note>
Available in Pangolin Cloud and Enterprise. Enterprise users must enable `use_org_only_idp` in the [private config file](/self-host/advanced/private-config-file#param-use-org-only-idp) `privateConfig.yml`.
</Note>
### Global Identity Providers
Global identity providers are managed at the server level rather than by an individual organization. They can apply to all or only some organizations on the server, so you must define a policy per organization that maps users from the provider to that organization and to roles within it.
<Tip>
Global identity providers are the only supported method in Pangolin Community.
</Tip>
## Supported Identity Providers
### OAuth2/OIDC
This can be used to connect to any external identity provider that supports the OpenID Connect protocol such as:
- Authentik
- Keycloak
- Okta
- Other OIDC-compliant providers
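Before wiring a generic OAuth2/OIDC provider into Pangolin, it is worth confirming that the provider actually publishes the metadata the authorization-code login depends on. The script below is an added example, not Pangolin's own code: it checks a provider's discovery document (`<issuer>/.well-known/openid-configuration`) for the properties that commonly break logins, such as an `issuer` value that does not match the configured issuer URL, endpoints not served over HTTPS, a missing `jwks_uri`, or unsigned ID tokens on offer. The issuer URLs and both discovery documents are constructed inline (hypothetical hostnames) so it runs offline; `load_discovery` shows how to fetch a real one.

```python
"""Sanity-check an OpenID Connect provider's discovery document before adding it
to Pangolin as an OAuth2/OIDC identity provider.

Added example, not Pangolin project code. The issuer URLs and the two discovery
documents below are constructed so the script runs offline; use `load_discovery`
to check a live provider.
"""
import json
from urllib.parse import urlparse

# Constructed sample: what a healthy OIDC provider publishes at
# <issuer>/.well-known/openid-configuration (hypothetical hostname).
GOOD_ISSUER = "https://idp.example.com/realms/demo"
GOOD_DISCOVERY = {
    "issuer": GOOD_ISSUER,
    "authorization_endpoint": GOOD_ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": GOOD_ISSUER + "/protocol/openid-connect/token",
    "jwks_uri": GOOD_ISSUER + "/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "scopes_supported": ["openid", "profile", "email"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "code_challenge_methods_supported": ["S256", "plain"],
}

# Constructed sample of a misconfigured provider: issuer mismatch (a classic
# cause of "invalid issuer" login failures), a plaintext token endpoint, no
# JWKS endpoint, no 'openid' scope, unsigned ID tokens on offer, and no PKCE.
BAD_ISSUER = "https://login.example.org"
BAD_DISCOVERY = {
    "issuer": "https://login.example.org/",  # trailing slash differs from BAD_ISSUER
    "authorization_endpoint": "https://login.example.org/authorize",
    "token_endpoint": "http://login.example.org/token",
    "response_types_supported": ["code"],
    "scopes_supported": ["profile", "email"],
    "id_token_signing_alg_values_supported": ["none", "RS256"],
}


def discovery_url(issuer: str) -> str:
    """Location of the metadata document per OIDC Discovery / RFC 8414."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def load_discovery(issuer: str) -> dict:
    """Fetch the live document (network); kept separate so the checks run offline."""
    import urllib.request
    with urllib.request.urlopen(discovery_url(issuer), timeout=10) as resp:
        return json.load(resp)


def check_discovery(issuer: str, doc: dict) -> list[str]:
    """Return a list of problems; an empty list means the provider looks usable."""
    problems = []
    # 'issuer' must match byte-for-byte: the client compares it against the
    # 'iss' claim of every ID token, so a stray trailing slash breaks login.
    if doc.get("issuer") != issuer:
        problems.append(
            f"issuer mismatch: configured {issuer!r}, document says {doc.get('issuer')!r}"
        )
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if not url:
            problems.append(f"missing {key}")
        elif urlparse(url).scheme != "https":
            problems.append(f"{key} is not served over https: {url}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow (response_type=code) not supported")
    if "openid" not in doc.get("scopes_supported", []):
        problems.append("'openid' scope not advertised; provider may not be OIDC")
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if "none" in algs:
        problems.append("provider offers unsigned (alg=none) ID tokens")
    if not any(a.startswith(("RS", "ES", "PS")) for a in algs):
        problems.append("no asymmetric ID token signing algorithm advertised")
    # PKCE is optional in the metadata but expected of any modern provider.
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised")
    return problems


if __name__ == "__main__":
    for name, issuer, doc in (
        ("good", GOOD_ISSUER, GOOD_DISCOVERY),
        ("bad", BAD_ISSUER, BAD_DISCOVERY),
    ):
        found = check_discovery(issuer, doc)
        print(f"{name}: {'OK' if not found else str(len(found)) + ' problem(s)'}")
        for p in found:
            print("  -", p)
```

Run it against a real provider with `check_discovery(issuer, load_discovery(issuer))`, using exactly the issuer URL you intend to paste into Pangolin; if the issuer check fails, fix the URL (or the provider's configured issuer) before going further, since that mismatch surfaces later as a rejected ID token rather than a clear configuration error.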
### Google
<Note>
Google IdP is only available in Pangolin Cloud or Pangolin Enterprise with org identity providers. See above to enable.
</Note>
Easily set up Google Workspace authentication for your organization. Users can sign in with their Google accounts and access Pangolin resources using their existing Google credentials. Perfect for organizations already using Google Workspace for email, calendar, and other services.
### Azure Entra ID
<Note>
Azure Entra ID IdP is only available in Pangolin Cloud or Pangolin Enterprise with org identity providers. See above to enable.
</Note>
Integrate with Microsoft's enterprise identity platform to let users authenticate with their Microsoft Entra ID (formerly Azure Active Directory) accounts. Ideal for organizations using Microsoft 365 or other Azure services, providing single sign-on across your Microsoft ecosystem.
## How to Add an Identity Provider
<Note>
Global IdPs are created and managed in the Server Admin UI rather than in the organization settings. The steps below describe adding an organization IdP.
</Note>
<Steps>
<Step title="Navigate to Identity Providers">
In the Pangolin organization, select the "Identity Providers" section in the sidebar.
</Step>
<Step title="Add New Provider">
Click on the "Add Identity Provider" button.
</Step>
<Step title="Select Type">
Select the type of identity provider you want to add (OAuth2/OIDC, Google, Azure Entra ID).
</Step>
<Step title="Set up Auto Provisioning (Optional)">
Select the "Auto Provision Users" checkbox to automatically provision users and assign roles in Pangolin when they log in using an external identity provider. See [Auto Provision](/manage/identity-providers/auto-provisioning) for more information.
If this is disabled, you will need to pre-provision a user in Pangolin before they can log in using an external identity provider.
</Step>
<Step title="Configure Settings">
Fill in the required fields for the selected identity provider type.
</Step>
</Steps>
## Custom Login Page
You can [configure a custom login page](/manage/access-control/login-page) for your organization, served at a domain of your choice. The login page for every resource is served at this URL, and you can also visit it to log in to the organization itself and reach the Pangolin dashboard. This is particularly useful with identity providers because it gives your users a single place to choose their identity provider and sign in.
## Auto Provisioning
See [Auto Provision](/manage/identity-providers/auto-provisioning) for more information on how to automatically provision users and assign orgs and roles in Pangolin when they log in using an external identity provider.