sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-22 10:26:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update IdP sync doc (#118)

Browse Source
This commit is contained in:
Misha Bragin
2024-01-02 20:21:25 +01:00
committed by GitHub
parent ab22272390
commit aee8cbd1ce
2 changed files with 49 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
misc/idp-sync/api.md
View File

@@ -6,19 +6,19 @@ This reference provides detailed information on managing integrations via NetBir
## Authentication ## Authentication
Authentication is required for all API requests. Please refer to the [authentication guideline](https://docs.netbird.io/how-to/access-netbird-public-api) for how to create and authenticate API calls using Personal Access Tokens (PAT). Authentication is required for all API requests. Please refer to the [authentication guideline](https://docs.netbird.io/how-to/access-netbird-public-api) for how to create and authenticate API calls using Personal Access Tokens (PAT).
## Google Workspace Integration ## Google Endpoints
### Create Integration ### Create Integration
The new integration synchronization is enabled by default when created. By default, for new integration synchronization is enabled.
Request: Request:
- `serviceAccountKey`: A Base64 encoded string derived from a service account key JSON. For the creation of the service account key JSON, refer to the provided [IdP guideline](idp.md). - `service_account_key`: A Base64 encoded string derived from a service account key JSON. For the creation of the service account key JSON, refer to the provided [IdP guideline](idp.md).
Encode service account JSON to base64 by using the command: Encode service account JSON to base64 by using the command:
```shell ```shell
base64 -i <SERVICE_ACCOUNT_KEY_PATH> base64 -i <SERVICE_ACCOUNT_KEY_PATH>
``` ```
- `syncInterval`: Optional. The default value is 300 seconds. - `sync_interval`: Optional. The default value is 300 seconds.
```shell ```shell
curl --request POST \ curl --request POST \
@@ -27,7 +27,7 @@ curl --request POST \
--header 'Authorization: Token <PAT>' \ --header 'Authorization: Token <PAT>' \
--header 'Content-Type: application/json' \ --header 'Content-Type: application/json' \
--data '{ --data '{
"serviceAccountKey": "<SERVICE_ACCOUNT_KEY>", "service_account_key": "<SERVICE_ACCOUNT_KEY>",
"customerID": "<CUSTOMER_ID>" "customerID": "<CUSTOMER_ID>"
}' }'
``` ```
@@ -36,8 +36,8 @@ Response
```json ```json
{ {
"id": <ID>, "id": <ID>,
"customerId": "<CUSTOMER_ID", "customer_id": "<CUSTOMER_ID",
"syncInterval": 300, "sync_interval": 300,
"enabled": true "enabled": true
} }
``` ```
@@ -55,8 +55,8 @@ Response
```json ```json
{ {
"id": <ID>, "id": <ID>,
"customerId": "<CUSTOMER_ID", "customer_id": "<CUSTOMER_ID",
"syncInterval": 300, "sync_interval": 300,
"enabled": true "enabled": true
} }
``` ```
@@ -75,8 +75,8 @@ Response
[ [
{ {
"id": <ID>, "id": <ID>,
"customerId": "<CUSTOMER_ID>", "customer_id": "<CUSTOMER_ID>",
"syncInterval": 300, "sync_interval": 300,
"enabled": true "enabled": true
} }
] ]
@@ -102,12 +102,12 @@ Response
Updates the selected parameters for a specific integration. Updates the selected parameters for a specific integration.
Request Request
- `serviceAccountKey`: A Base64 encoded string derived from a service account key JSON.For the creation of the service account key JSON, refer to the provided [IdP guideline](idp.md). - `service_account_key`: A Base64 encoded string derived from a service account key JSON.For the creation of the service account key JSON, refer to the provided [IdP guideline](idp.md).
Encode service account JSON to base64 by using the command: Encode service account JSON to base64 by using the command:
```shell ```shell
base64 -i <SERVICE_ACCOUNT_KEY_PATH> base64 -i <SERVICE_ACCOUNT_KEY_PATH>
``` ```
- `syncInterval`: Optional. Should not be less than 300 seconds. - `sync_interval`: Optional. Should not be less than 300 seconds.
- `enabled`: Optional. Used to disable/enable the integration. - `enabled`: Optional. Used to disable/enable the integration.
```shell ```shell
@@ -117,8 +117,8 @@ curl --request PUT \
--header 'Authorization: Token <PAT>' \ --header 'Authorization: Token <PAT>' \
--header 'Content-Type: application/json' \ --header 'Content-Type: application/json' \
--data '{ --data '{
"serviceAccountKey": "<SERVICE_ACCOUNT_KEY>", "service_account_key": "<SERVICE_ACCOUNT_KEY>",
"syncInterval": 300, "sync_interval": 300,
"enabled": false "enabled": false
}' }'
``` ```
@@ -127,8 +127,8 @@ Response
```json ```json
{ {
"id": <ID>, "id": <ID>,
"customerId": "<CUSTOMER_ID>", "customer_id": "<CUSTOMER_ID>",
"syncInterval": 300, "sync_interval": 300,
"enabled": false "enabled": false
} }
``` ```
@@ -167,21 +167,21 @@ Response
``` ```
## Azure AD Integration ## Azure Endpoints
Before proceeding with the setup, please ensure that you have configured Azure as per the guidelines outlined in the [IdP guideline](idp.md). Before proceeding with the setup, please ensure that you have configured Azure as per the guidelines outlined in the [IdP guideline](idp.md).
### Create Integration ### Create Integration
The new integration synchronization is enabled by default when created. By default, for new integration synchronization is enabled.
Request: Request:
- `clientSecret`: A Base64 encoded string derived from Azure Directory application client credential secret. - `client_secret`: A Base64 encoded string derived from Azure Directory application client credential secret.
Encode service account JSON to base64 by using the command: Encode service account JSON to base64 by using the command:
```shell ```shell
echo -n <CLIENT_SECRET> | base64 echo -n <CLIENT_SECRET> | base64
``` ```
- `clientId`: Azure Directory application client Id. - `client_id`: Azure Directory application client Id.
- `tenantId`: Azure Directory ID. - `tenant_id`: Azure Directory ID.
- `syncInterval`: Optional. The default value is 300 seconds. - `sync_interval`: Optional. The default value is 300 seconds.
```shell ```shell
curl --request POST \ curl --request POST \
@@ -190,9 +190,9 @@ curl --request POST \
--header 'Authorization: Token <PAT>' \ --header 'Authorization: Token <PAT>' \
--header 'Content-Type: application/json' \ --header 'Content-Type: application/json' \
--data '{ --data '{
"clientSecret": "<CLIENT_SECRET>", "client_secret": "<CLIENT_SECRET>",
"clientId": "<CLIENT_ID>", "client_id": "<CLIENT_ID>",
"tenantId": "<TENANT_ID>" "tenant_id": "<TENANT_ID>"
}' }'
``` ```
@@ -200,9 +200,9 @@ Response
```json ```json
{ {
"id": <ID>, "id": <ID>,
"clientId": "<CLIENT_ID>", "client_id": "<CLIENT_ID>",
"tenantId": "<TENANT_ID>", "tenant_id": "<TENANT_ID>",
"syncInterval": 300, "sync_interval": 300,
"enabled": true "enabled": true
} }
``` ```
@@ -220,9 +220,9 @@ Response
```json ```json
{ {
"id": <ID>, "id": <ID>,
"clientId": "<CLIENT_ID>", "client_id": "<CLIENT_ID>",
"tenantId": "<TENANT_ID>", "tenant_id": "<TENANT_ID>",
"syncInterval": 300, "sync_interval": 300,
"enabled": true "enabled": true
} }
``` ```
@@ -241,9 +241,9 @@ Response
[ [
{ {
"id": <ID>, "id": <ID>,
"clientId": "<CLIENT_ID>", "client_id": "<CLIENT_ID>",
"tenantId": "<TENANT_ID>", "tenant_id": "<TENANT_ID>",
"syncInterval": 300, "sync_interval": 300,
"enabled": true "enabled": true
} }
] ]
@@ -269,12 +269,12 @@ Response
Updates the selected parameters for a specific integration. Updates the selected parameters for a specific integration.
Request Request
- `clientSecret`: A Base64 encoded string derived from Azure Directory application client credential secret. - `client_secret`: A Base64 encoded string derived from Azure Directory application client credential secret.
Encode service account JSON to base64 by using the command: Encode service account JSON to base64 by using the command:
```shell ```shell
echo -n <CLIENT_SECRET> | base64 echo -n <CLIENT_SECRET> | base64
``` ```
- `syncInterval`: Optional. Should not be less than 300 seconds. - `sync_interval`: Optional. Should not be less than 300 seconds.
- `enabled`: Optional. Used to disable/enable the integration. - `enabled`: Optional. Used to disable/enable the integration.
```shell ```shell
@@ -284,8 +284,8 @@ curl --request PUT \
--header 'Authorization: Token <PAT>' \ --header 'Authorization: Token <PAT>' \
--header 'Content-Type: application/json' \ --header 'Content-Type: application/json' \
--data '{ --data '{
"clientSecret": "<CLIENT_SECRET>", "client_secret": "<CLIENT_SECRET>",
"syncInterval": 300, "sync_interval": 300,
"enabled": false "enabled": false
}' }'
``` ```
@@ -294,9 +294,9 @@ Response
```json ```json
{ {
"id": <ID>, "id": <ID>,
"clientId": "<CLIENT_ID>", "client_id": "<CLIENT_ID>",
"tenantId": "<TENANT_ID>", "tenant_id": "<TENANT_ID>",
"syncInterval": 300, "sync_interval": 300,
"enabled": true "enabled": true
} }
``` ```

10
misc/idp-sync/idp.md
View File

@@ -14,8 +14,8 @@ Before you start creating and configuring an Google Workspace application, ensur
- Navigate to [API Credentials](https://console.cloud.google.com/apis/credentials) page - Navigate to [API Credentials](https://console.cloud.google.com/apis/credentials) page
- Click `CREATE CREDENTIALS` at the top and select `Service account` - Click `CREATE CREDENTIALS` at the top and select `Service account`
- Fill in the form with the following values and click `CREATE` - Fill in the form with the following values and click `CREATE`
- Service account name: `NetBird` - Service account name: `NetBird`
- Service account ID: `netbird` - Service account ID: `netbird`
- Click `DONE` - Click `DONE`
<p> <p>
<img src="media/google-service-account-create.png" alt="service-account-create"/> <img src="media/google-service-account-create.png" alt="service-account-create"/>
@@ -41,8 +41,8 @@ Read how to manage and secure your service keys [here](https://cloud.google.com/
- Select `Account` on the left menu and then click `Admin Roles` - Select `Account` on the left menu and then click `Admin Roles`
- Click `Create new role` - Click `Create new role`
- Fill in the form with the following values and click `CREATE` - Fill in the form with the following values and click `CREATE`
- name: `User and Group Management ReadOnly` - name: `User and Group Management ReadOnly`
- description: `User and Group Management ReadOnly` - description: `User and Group Management ReadOnly`
- Click `CONTINUE` - Click `CONTINUE`
<p> <p>
<img src="media/google-new-admin-role.png" alt="new-admin-role"/> <img src="media/google-new-admin-role.png" alt="new-admin-role"/>
@@ -74,7 +74,7 @@ Read how to manage and secure your service keys [here](https://cloud.google.com/
Before you start creating and configuring an Azure AD application, ensure that you have the following: Before you start creating and configuring an Azure AD application, ensure that you have the following:
- User account with admin permissions: You must have an Azure AD user account with the appropriate permissions to create - User account with admin permissions: You must have an Azure AD user account with the appropriate permissions to create
and manage Azure AD applications. If you don't have the required permissions, ask your Azure AD administrator to grant them to you. and manage Azure AD applications. If you don't have the required permissions, ask your Azure AD administrator to grant them to you.
#### Step 1. Create and configure Azure AD application #### Step 1. Create and configure Azure AD application
- Navigate to [Azure Active Directory](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview) - Navigate to [Azure Active Directory](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview)