Skip to content

Commit 66f7917

Browse files
r4victorr4victor
authored
Add Okta setup guide (#1)
1 parent d4ea467 commit 66f7917

1 file changed

Lines changed: 31 additions & 0 deletions

File tree

docs/okta.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
# dstack Enterprise Okta integration
2+
3+
`dstack` Enterprise supports Single Sign-On via [Okta Workforce Identity Cloud](https://www.okta.com/workforce-identity/).
4+
When Okta integration is configured, the `dstack` login page will display the **Sign in with Okta** button.
5+
After signing in with Okta for the first time, a new `dstack` user account is created and linked to the Okta account. Subsequently, users can log in to `dstack` using their Okta account without entering any `dstack`-specific credentials.
6+
7+
The `dstack` Okta integration uses the [OpenID Connect standard](https://developer.okta.com/docs/concepts/oauth-openid/) with the [Authorization Code flow](https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/) as recommended by Okta.
8+
9+
This guide shows how to set up `dstack` Enterprise with Okta.
10+
11+
## Add a private SSO integration
12+
13+
First you need to create a private SSO integration for `dstack` Enterprise in your Okta organization as described in the [Okta docs](https://developer.okta.com/docs/guides/add-private-app/openidconnect/main/).
14+
15+
1. Go to **Applications > Applications** in the Admin Console
16+
2. Click **Create App Integration**.
17+
3. Select the **OpenID Connect** in the **Sign-in method** section.
18+
4. Choose **Web Application** as the **Application type**. Click Next.
19+
5. Enter application settings:
20+
* **App integration name**: dstack Enterprise
21+
* **Grant type**: Authorization Code
22+
* **Sing-in redirect URIs**: `{DSTACK_SERVER_URL}/auth/okta/callback`, e.g. `https://enterprise-example.dstack.ai/auth/okta/callback`
23+
* **Sign-out redirect URIs**: `{DSTACK_SERVER_URL}`, e.g. `https://enterprise-example.dstack.ai/`
24+
* **Assignments**: Select "Allow everyone in your organization to access" if you have no other preferences.
25+
26+
## Configure Okta on the `dstack` server
27+
28+
To enable Okta Single Sign-On on the `dstack` server, you need to set the following environment variables:
29+
* `DSTACK_OKTA_DOMAIN` - the domain of your Okta organization, e.g. `dev-123456.okta.com`.
30+
* `DSTACK_OKTA_CLIENT_ID` - the Client ID of the `dstack` Enterprise application created in the previous step.
31+
* `DSTACK_OKTA_SECRET` - the Secret of the `dstack` Enterprise application created in the previous step.

0 commit comments

Comments
 (0)