Final Doc Restructure (#497)

This commit is contained in:
Brandon Hopkins
2025-11-27 09:50:03 -08:00
committed by GitHub
parent 846cae1fb0
commit e45bb7ce11
372 changed files with 353 additions and 536 deletions

@@ -30,7 +30,7 @@ Create new zitadel project
- Name: `NETBIRD`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-project.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-new-project.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
Create new zitadel application
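Review bot: the new image path repeats its own segment, `/img/selfhosted/identity-providers/self-hosted/`, so the directory now carries both `selfhosted` and `self-hosted`. If the restructure is meant to simplify the tree, drop the inner `self-hosted/` level or settle on one spelling; the same pattern appears on every image line changed in this file. The placeholder `alt="high-level-dia"` is also carried over unchanged and could describe the screenshot (here, the new-project dialog) while the line is being touched.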
@@ -41,14 +41,14 @@ Create new zitadel application
- TYPE OF APPLICATION: `User Agent`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-application.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-new-application.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Fill in the form with the following values and click `Continue`
- Authentication Method: `PKCE`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-application-auth.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-new-application-auth.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Fill in the form with the following values and click `Continue`
@@ -58,14 +58,14 @@ Create new zitadel application
- Post Logout URIs: `https://<domain>/` and click `+`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-application-uri.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-new-application-uri.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Verify applications details and Click `Create` and then click `Close`
- Under `Grant Types` select `Authorization Code`, `Device Code` and `Refresh Token` and click `save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-application-overview.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-new-application-overview.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Copy `Client ID` will be used later in the `setup.env`
@@ -83,7 +83,7 @@ To configure `netbird` application token you need to:
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-token-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-token-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 3: Application Redirect Configuration
@@ -102,7 +102,7 @@ To configure `netbird` application redirect you need to:
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-redirect-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-redirect-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 4: Create a Service User
@@ -120,7 +120,7 @@ In this step we will create a `netbird` service user.
- Click `Create`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-create-user.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-create-user.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
In this step we will generate `ClientSecret` for the `netbird` service user.
@@ -129,7 +129,7 @@ In this step we will generate `ClientSecret` for the `netbird` service user.
- Copy `ClientSecret` from the dialog will be used later to set `NETBIRD_IDP_MGMT_CLIENT_SECRET` in the `setup.env`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-service-user-secret.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-service-user-secret.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 5: Grant manage-users role to netbird service user
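Review bot: the context line "Copy `ClientSecret` from the dialog will be used later to set `NETBIRD_IDP_MGMT_CLIENT_SECRET` in the `setup.env`" is a run-on and says nothing about handling the value. Since this step places a credential in `setup.env`, consider rewording it to "Copy `ClientSecret` from the dialog; it will be used later to set ..." and adding a sentence on keeping `setup.env` out of version control and readable only by the deploying user.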
@@ -143,7 +143,7 @@ In this step we will grant `Org User Manager` role to `netbird` service user.
- Click `Add`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-service-account-role.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/zitadel-service-account-role.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
Your authority OIDC configuration will be available under:
@@ -205,7 +205,7 @@ to your network using the [Interactive SSO Login feature](/get-started/install#r
over Keycloak.
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-auth-grant.gif" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-auth-grant.gif" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 1: Check your Keycloak Instance
@@ -229,7 +229,7 @@ To create a realm you need to:
- Click `Create`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-realm.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-create-realm.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
@@ -246,7 +246,7 @@ In this step we will create a NetBird administrator user.
- Click `Create`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-user.png" alt="high-level-dia" className="imagewrapper"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-create-user.png" alt="high-level-dia" className="imagewrapper"/>
</p>
The user will need an initial password set to be able to log in. To do this:
@@ -257,7 +257,7 @@ The user will need an initial password set to be able to log in. To do this:
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-set-password.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-set-password.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 4: Create a NetBird client
@@ -274,14 +274,14 @@ In this step we will create NetBird application client and register with the Key
- Your newly client `netbird-client` will be used later to set `NETBIRD_AUTH_CLIENT_ID` in the `setup.env`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-client.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-create-client.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Check the checkboxes as on the screenshot below and click Save
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-enable-auth.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-enable-auth.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 5: Adjust NetBird client access settings
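Review bot: the step "Check the checkboxes as on the screenshot below and click Save" has no text fallback, so the instruction depends entirely on the image whose path this hunk moves, and the `alt` text is the generic `high-level-dia`. List the checkbox names in the bullet, or at least in the `alt` attribute, so the step survives a broken image link. "Your newly client `netbird-client`" in the first context line is also missing a word ("newly created client").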
@@ -301,7 +301,7 @@ In this step we will configure NetBird application client access with the NetBir
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-access-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-access-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 6: Create a NetBird client scope
@@ -319,7 +319,7 @@ In this step, we will create and configure the NetBird client audience for Keycl
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-client-scope.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-create-client-scope.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- While in the newly created Client Scope, switch to the `Mappers` tab
@@ -327,7 +327,7 @@ In this step, we will create and configure the NetBird client audience for Keycl
- Choose the `Audience` mapping
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-configure-audience-mapper.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-configure-audience-mapper.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Fill in the form with the following values:
@@ -337,7 +337,7 @@ In this step, we will create and configure the NetBird client audience for Keycl
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-configure-audience-mapper-2.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-configure-audience-mapper-2.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 7: Add client scope to NetBird client
@@ -353,7 +353,7 @@ In this step, we will create and configure the NetBird client audience for Keycl
- The value `netbird-client` will be used as audience
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloack-add-client-scope.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloack-add-client-scope.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 8: Create a NetBird-Backend client
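Review bot: the filename `keycloack-add-client-scope.png` keeps the misspelling "keycloack" in the new path, while every other Keycloak asset in this file uses `keycloak-`. Since the file is being moved anyway, rename it to `keycloak-add-client-scope.png` in the same commit and update this `src`.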
@@ -370,13 +370,13 @@ In this step we will create NetBird backend client and register with the Keycloa
- Your newly client `netbird-backend` will be used later to set `NETBIRD_IDP_MGMT_CLIENT_ID` in the `setup.env`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-backend-client.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-create-backend-client.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Check the checkboxes as on the screenshot below and click Save
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-backend-client-auth.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-backend-client-auth.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
The client will need secret to authenticate. To do this:
@@ -384,7 +384,7 @@ The client will need secret to authenticate. To do this:
- Copy `client secret` will be used later to set `NETBIRD_IDP_MGMT_CLIENT_SECRET` in the `setup.env`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-backend-client-credentials.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-backend-client-credentials.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 9: Add view-users role to netbird-backend
@@ -398,13 +398,13 @@ The client will need secret to authenticate. To do this:
- Select `Filter by clients` and search for `view-users`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-service-account-role.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-service-account-role.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Check the role checkbox and click assign
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-add-role.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/keycloak-add-role.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
<Note>
@@ -467,7 +467,7 @@ In this step, we will create OAuth2/OpenID Provider in Authentik.
- type: `OAuth2/OpenID Provider`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-provider-type.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/authentik-new-provider-type.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Fill in the form with the following values and click `Finish`
@@ -486,7 +486,7 @@ In this step, we will create OAuth2/OpenID Provider in Authentik.
Take note of `Client ID`, we will use it later
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-provider-config.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/authentik-new-provider-config.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 2: Create external applications
@@ -501,7 +501,7 @@ In this step, we will create external applications in Authentik.
- Provider: `Netbird`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-application.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/authentik-new-application.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 3: Create service account
@@ -515,7 +515,7 @@ In this step, we will create service account.
- Create Group: `Disable`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-service-account.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/authentik-new-service-account.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Take note of the NetBird service account `username`, we will need it later.
@@ -525,7 +525,7 @@ Be sure to select the NetBird Service account object as the `User` when creating
Take note of the app password as we will need it later.
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-service-account-details.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/authentik-service-account-details.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 4: Add service account to admin group
@@ -539,7 +539,7 @@ In this step, we will add `Netbird` service account to `authentik Admins` group.
- Disable `Hide service-accounts` and verify if user `Netbird` is added to the group
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-add-user-group.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/authentik-add-user-group.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 5: Create a authentication flow for device token authentication
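Review bot: this step adds the `Netbird` service account to the `authentik Admins` group, and the visible text does not say why admin membership is needed. Add a sentence stating which permission the integration relies on, so readers can judge whether a narrower group would be enough in their deployment. The following heading, "Create a authentication flow for device token authentication", should read "an authentication flow".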
@@ -553,7 +553,7 @@ In this step, we will add `Netbird` service account to `authentik Admins` group.
- Authentication: `Require authentication`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-device-flow.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/authentik-new-device-flow.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Navigate to authentik admin interface
@@ -563,7 +563,7 @@ In this step, we will add `Netbird` service account to `authentik Admins` group.
- Click `Update`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-brand-device-flow.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/authentik-brand-device-flow.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
Your authority OIDC configuration will be available under:
@@ -632,7 +632,7 @@ Create new PocketID OIDC Client
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/pocketid-create-oidc-client.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/pocketid-create-oidc-client.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Copy `Client ID` will be used later in the `setup.env`
@@ -650,7 +650,7 @@ To configure the application token you need to:
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/pocketid-create-api-token.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/pocketid-create-api-token.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Copy `API Key` will be used later in the `setup.env`
@@ -724,7 +724,7 @@ In this step, we will create and configure NetBird application in azure AD.
- Redirect URI: select `Single-page application (SPA)` and URI as `https://<yournetbirddomain.com>/silent-auth`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-new-application.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-new-application.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 2. Platform configurations
@@ -732,20 +732,20 @@ In this step, we will create and configure NetBird application in azure AD.
- Under the `Single-page application` Section, add another URI `https://<yournetbirddomain.com>/auth`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-spa-uri-setup.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-spa-uri-setup.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Scroll down and setup other options as on the screenshot below and click Save
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-flows-setup.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-flows-setup.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Click `Add a Platform` and select `Mobile and desktop applications`
- Fill in the form with the following values and click Configure
- Custom redirect URIs: `http://localhost:53000`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-spa-uri-setup.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-spa-uri-setup.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 3. Create a NetBird application scope
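Review bot: the `Mobile and desktop applications` step (custom redirect URI `http://localhost:53000`) points at `azure-spa-uri-setup.png`, the same image already used a few lines earlier for the `Single-page application` URI step. That looks like a copy-paste carried over from the old path; either reference a screenshot of the mobile/desktop platform dialog or drop the second image so readers are not shown the SPA form for a different platform type.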
@@ -756,7 +756,7 @@ In this step, we will create and configure NetBird application in azure AD.
- Scope name: `api`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-add-scope.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-add-scope.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Under `Authorized client Applications`, click on `+ add a client application` and enter the following:
@@ -764,7 +764,7 @@ In this step, we will create and configure NetBird application in azure AD.
- Client ID: same as your Application ID URI minus the `api://`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-add-application-scope.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-add-application-scope.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
@@ -776,7 +776,7 @@ Add `Netbird` permissions
- Click `My APIs` tab, and select `Netbird`. Next check `api` permission checkbox and click `Add permissions`.
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-netbird-api-permisssions.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-netbird-api-permisssions.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
Add `Delegated permissions` to Microsoft Graph
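Review bot: the asset name `azure-netbird-api-permisssions.png` has three consecutive "s" characters and the typo is preserved in the new location. Rename it to `azure-netbird-api-permissions.png` as part of the move and update the `src` here.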
@@ -786,14 +786,14 @@ Add `Delegated permissions` to Microsoft Graph
- In `Select permissions` search for `User.Read` and under the `User` section select `User.Read.All` and click `Add permissions`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-openid-permissions.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-openid-permissions.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Click `Grant admin consent for Default Directory` and click `Yes`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-grant-admin-conset.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-grant-admin-conset.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 5. Update token version
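Review bot: the permission bullet tells the reader to search for `User.Read` but select `User.Read.All`, under a heading that says `Delegated permissions`; the text should state plainly that `User.Read.All` is the permission intended and why the broader directory-wide read is required, since the step ends with `Grant admin consent`. Separately, `azure-grant-admin-conset.png` is misspelled ("conset") and could be renamed to `azure-grant-admin-consent.png` during this move.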
@@ -809,7 +809,7 @@ Add `Delegated permissions` to Microsoft Graph
- Copy `Value` and save it as it can be viewed only once after creation.
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-client-secret.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/azure-client-secret.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Click `Overview` on left menu and take note of `Application (client) ID`, `Object ID` and `Directory (tenant) ID`
@@ -870,7 +870,7 @@ In this step, we will create and configure Netbird single-page application in ok
- Application type: `Single-Page Application`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/okta-new-single-page-application.png" alt="high-level-dia" className="imagewrapper"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/okta-new-single-page-application.png" alt="high-level-dia" className="imagewrapper"/>
</p>
- Fill in the form with the following values and click `Save`
@@ -881,7 +881,7 @@ In this step, we will create and configure Netbird single-page application in ok
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/okta-single-page-application.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/okta-single-page-application.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Navigate to Okta Admin Dashboard
@@ -892,7 +892,7 @@ In this step, we will create and configure Netbird single-page application in ok
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/okta-single-sign-on-configuration.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/okta-single-sign-on-configuration.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 2. Create and configure Okta native application
@@ -905,7 +905,7 @@ In this step, we will create and configure Netbird native application in okta.
- Application type: `Native Application`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/okta-new-native-application.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/okta-new-native-application.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Fill in the form with the following values and click `Save`
@@ -914,7 +914,7 @@ In this step, we will create and configure Netbird native application in okta.
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/okta-native-application.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/okta-native-application.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Navigate to Okta Admin Dashboard
@@ -925,7 +925,7 @@ In this step, we will create and configure Netbird native application in okta.
- Click `Save`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/okta-native-sign-on-configuration.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/okta-native-sign-on-configuration.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
@@ -941,7 +941,7 @@ In this step, we will generate netbird api token in okta for authorizing calls t
- Take note of token value and click `OK, got it`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/okta-generate-token.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/okta-generate-token.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
@@ -998,7 +998,7 @@ Before you start creating and configuring an Google Workspace application, ensur
- Navigate to [OAuth consent](https://console.cloud.google.com/apis/credentials/consent) page
- Select `Internal` User Type and click create
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-consent-screen-type.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-consent-screen-type.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Fill in the form with the following values and click `SAVE AND CONTINUE`
@@ -1009,12 +1009,12 @@ Before you start creating and configuring an Google Workspace application, ensur
- Click `ADD OR REMOVE SCOPES`
- Select `/auth/userinfo.email`, `/auth/userinfo.profile` and `openid` scopes and then click `UPDATE`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-consent-screen-scopes.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-consent-screen-scopes.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Click `SAVE AND CONTINUE`
- Verify the summary of the OAuth consent screen to ensure that everything is properly configured, and then click `BACK TO DASHBOARD`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-consent-screen-summary.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-consent-screen-summary.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 2: Create OAuth 2.0 credentials
@@ -1026,11 +1026,11 @@ Before you start creating and configuring an Google Workspace application, ensur
- Authorized JavaScript origins: `https://<your netbird domain>` and `http://localhost`
- Authorized redirect URIs: `https://<your netbird domain>/auth`, `https://<your netbird domain>/silent-auth` and `http://localhost:53000`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-oauth-client.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-oauth-client.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Take note of `Client ID` and `Client Secret` and click `OK`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-oauth-client-created.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-oauth-client-created.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 3: Create service account
@@ -1042,14 +1042,14 @@ Before you start creating and configuring an Google Workspace application, ensur
- Take note of service account email address, we will use it later
- Click `DONE`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-service-account-create.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-service-account-create.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 4: Create service account keys
- Navigate to [API Credentials](https://console.cloud.google.com/apis/credentials) page
- Under `Service Accounts` click the `netbird` to edit the service account
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-edit-service-account.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-edit-service-account.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Click the `Keys` tab
- Click the `Add key` drop-down menu, then select `Create new key`
@@ -1071,23 +1071,23 @@ Read how to manage and secure your service keys [here](https://cloud.google.com/
- description: `User Management ReadOnly`
- Click `CONTINUE`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-new-role-info.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-new-role-info.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Scroll down to `Admin API privileges` and add the following privileges
- Users: `Read`
- Click `CONTINUE`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-privileges-review.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-privileges-review.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Verify preview of assigned Admin API privileges to ensure that everything is properly configured, and then click `CREATE ROLE`
- Click `Assign service accounts`, add service account email address and then click `ADD`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-assign-role.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-assign-role.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Click `ASSIGN ROLE` to assign service account to `User Management ReadOnly` role
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/google-service-account-privileges.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/google-service-account-privileges.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Navigate to [Account Settings](https://admin.google.com/ac/accountsettings/profile?hl=en_US) page and take note of `Customer ID`
@@ -1194,14 +1194,14 @@ You can enable it by following these steps:
- Click `Create`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/auth0-create-interactive-login-app.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/auth0-create-interactive-login-app.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Click `Settings` tab
- Copy **`Client ID`** to `NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID` in the `setup.env` file
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/auth0-interactive-login-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/auth0-interactive-login-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Scroll down to the `Advanced Settings` section
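Review bot: Both rewritten `<img>` lines in this hunk keep `alt="high-level-dia"`, which describes neither screenshot (`auth0-create-interactive-login-app.png`, `auth0-interactive-login-settings.png`). While these lines are being touched, give each image alt text that names the Auth0 screen it shows, so screen readers and broken-image fallbacks say something useful.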
@@ -1209,7 +1209,7 @@ You can enable it by following these steps:
- Click `Save Changes`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/auth0-grant-types.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/auth0-grant-types.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
#### Step 5: Create and configuire Machine to Machine application.
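Review bot: The context heading `#### Step 5: Create and configuire Machine to Machine application.` contains a typo (`configuire`). It is outside the changed lines, but the file is already being edited for the restructure, so correcting it to `configure` here would save a follow-up commit.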
@@ -1224,7 +1224,7 @@ This application will be used to authorize access to Auth0 Management API.
- Click `Create`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/auth0-create-machine-app.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/auth0-create-machine-app.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Fill the form with the following values:
@@ -1233,7 +1233,7 @@ This application will be used to authorize access to Auth0 Management API.
- Click `Authorize`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/auth0-machine-authorization.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/auth0-machine-authorization.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
<Note>
@@ -1249,7 +1249,7 @@ To enable this functionality, include the `--user-delete-from-idp` flag in the m
- Copy **`DOMAIN`** to `NETBIRD_IDP_MGMT_EXTRA_AUDIENCE` in the `setup.env` file
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/auth0-machine-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/auth0-machine-settings.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Set properties in the `setup.env` file:
@@ -1287,23 +1287,23 @@ Before you start creating and configuring an JumpCloud application, ensure that
- Click `SSO Applications` on the left menu under `USER AUTHENTICATION` section
- Click `Add New Application` and select `Custom Application`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-new-sso-app.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-new-sso-app.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- On the `Which application would you like to integrate` screen, confirm that you've selected `Custom application` and click `Next`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-new-sso-app-confirm-selection.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-new-sso-app-confirm-selection.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- On the `Select the features you would like to enable` screen, select `Manage Single Sign-On (SSO)` and check `Configure SSO with OIDC` and click `Next`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-new-sso-app-features.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-new-sso-app-features.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- On the `Enter General info` screen, add `NetBird` as `Display Label` and click `Next`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-new-sso-app-general-info.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-new-sso-app-general-info.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- On the confirmation screen, review the information and click on `Configure Application` to proceed
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-new-sso-app-confirmation.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-new-sso-app-confirmation.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- On the `New Application` screen, click on the SSO tab and enter the following values:
- Under `Endpoint Configuration` section:
@@ -1312,20 +1312,20 @@ Before you start creating and configuring an JumpCloud application, ensure that
- Login URL: `https://<domain>`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-sso-configuration.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-sso-configuration.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Under `Attribute Mapping (optional)` section:
- Standard Scopes: `Email`, `Profile`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-sso-atributes-configuration.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-sso-atributes-configuration.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Click on the `User Groups` tab and select the user groups that can access this application
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-user-groups.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-user-groups.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Click `Activate`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-oidc-app.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-oidc-app.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Take note of `Client ID`, will be used later
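Review bot: The rewritten `src` for the attribute-mapping screenshot still points at `jumpcloud-sso-atributes-configuration.png` (`atributes` with one `t`). Either confirm the asset was moved under the new `selfhosted/` directory with that exact misspelled name, or rename the file to `attributes` in the same commit and update this `src`, since a mismatch would leave a broken image in the JumpCloud SSO step.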
@@ -1349,7 +1349,7 @@ The following steps will assume that you are creating a new account. If you alre
please ensure that you assign the `Help Desk` role to the `NetBird Integration` user following the steps outlined above.
</Note>
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-add-admin-user.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-add-admin-user.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
After following the steps above, you will receive the login instructions for the newly created user in the email configured. Please follow the instructions to set a password for the user.
@@ -1361,12 +1361,12 @@ In this step, we will generate netbird api token in jumpcloud for authorizing ca
- Login with the user created in the previous step or with an existing user
- Click on the account initials displayed at the top-right and select `My API Key` from the drop-down
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-profile.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-profile.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- If there is no API key generated, click on `Generate New API Key` button
- Take note of your api token displayed
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/jumpcloud-api-key-generation.png" alt="high-level-dia" className="imagewrapper-big"/>
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/jumpcloud-api-key-generation.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Set properties in the `setup.env` file:

View File

@@ -40,7 +40,7 @@ some additional features that are targeted at business customers and help with n
- **[Integrations with EDR](/manage/access-control/endpoint-detection-and-response)** like CrowdStrike and others.
- **[Peer approval](/manage/peers/approve-peers)** to join the network.
- **[User invites](/manage/team/add-users-to-your-network#direct-user-invites)**.
- **[MSP functionality](/how-to/msp-portal)** for managing multiple tenant networks from a single account.
- **[MSP functionality](/manage/for-partners/msp-portal)** for managing multiple tenant networks from a single account.
## Geo Distributed Relay Servers
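Review bot: The MSP link target changes from `/how-to/msp-portal` to `/manage/for-partners/msp-portal`, and nothing in this hunk shows a redirect for the old URL. Please confirm a redirect from `/how-to/msp-portal` is part of the restructure so existing bookmarks and inbound links keep resolving.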

View File

@@ -12,12 +12,12 @@ configuration as follows:
Please replace <b>netbird.DOMAIN.com</b> and <b>PASSWORD</b> with the information from the <b>management.json</b> TURNConfig, then click on <b>Add server</b>.
<p>
<img src="/docs-static/img/troubleshooting/turn.png" alt="turn" width="700" className="imagewrapper"/>
<img src="/docs-static/img/selfhosted/troubleshooting/turn.png" alt="turn" width="700" className="imagewrapper"/>
</p>
You should see an output similar to the following:
<p>
<img src="/docs-static/img/troubleshooting/turn-test-out.png" alt="turn" width="700" className="imagewrapper-nig"/>
<img src="/docs-static/img/selfhosted/troubleshooting/turn-test-out.png" alt="turn" width="700" className="imagewrapper-nig"/>
</p>
Where you have the following types: `host` (local address), `srflx` (STUN reflexive address), `relay`
(TURN relay address). If `srflx` and `relay` are not present then the TURN server is not working or not accessible and you should review the required ports in the [requirements section](/selfhosted/selfhosted-guide#requirements).
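Review bot: The second image keeps `className="imagewrapper-nig"`, while the image just above it uses `imagewrapper` and the other pages in this commit use `imagewrapper-big`. This looks like a typo for `imagewrapper-big`. If no `imagewrapper-nig` style exists the class does nothing, so it is worth correcting while the line is being rewritten.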