Comment on page
External Authorization

General OpenID Connect (OIDC) configuration
1. Open terminal and go to the Supervisely configs folder
$ cd $(sudo supervisely where)
2. Create openid.yml file with external service credentials
<provider_name>:
  metadata_url: <metada_url>
  client_id: <client_id>
  client_secret: <client_secret>
​
  # optional
  http_proxy: <proxy url>
  https_proxy: <proxy url>
  icon: <url> / <base64> / <svg> (login button icon)
  login_label: <login_label> (login button label)
  extra_scope: <array> (list of additional scopes) # deprecated, use extra_settings.scope
  extra_settings: # <optional object if specific settings are required>
    scope: <array> (list of additional scopes)
    token_endpoint_auth_method: <string>
    acr_values: <string>
3. Create docker-compose.override.yml file
version: '2.4'
​
services:
  api:
    environment:
      DOMAIN: <https_instance_domain>
    volumes:
    - <path_to_folder>/openid.yml:/openid.yml:ro
Notice: if you update the openid.yml file later then you need to execute sudo supervisely restart api instead of up -d
4. Execute following command
$ sudo supervisely up -d
5. Go to your authorization service and add new redirect (callback) URI <https_instance_domain>/api/account/auth/<provider_name>/callback where:
https_instance_domain - domain, that you specified in docker-compose.override.yml
provider_name - name, that you specified in openid.yml
Microsoft Azure Active Directory
First you need to register app and configure web API access.
On Add redirect URI(s) step add new URI <https_instance_domain>/api/account/auth/microsoft/callback
openid.yml
microsoft:
  metadata_url: https://login.microsoftonline.com/568427e8-****-****-****-************/.well-known/openid-configuration
  client_id: 7006e956-****-****-****-************
  client_secret: j2Hy-***************************
docker-compose.override.yml
version: '2.4'
​
services:
  api:
    environment:
      DOMAIN: https://app.supervisely.com
    volumes:
    - <path_to_folder>/openid.yml:/openid.yml:ro
OKTA
First you need to register a new app. Click Applications -> "Create App Integration" button and then select "OIDC - OpenID Connect" and "Web Application".
Make sure that "Authorization Code" code is selected. Under Sign-in redirect URIs add a new URI <https_instance_domain>/api/account/auth/okta/callback.
You can find metadata_url by clicking on your account name in the top right corner.
Copy and save your client ID and client Secret. You can now proceed with modifications on the server-side.
openid.yml
okta:
  metadata_url: https://<subdomain from okta>.okta.com
  client_id: <client_id>
  client_secret: <client_secret>
docker-compose.override.yml
version: '2.4'
​
services:
  api:
    environment:
      DOMAIN: https://app.supervisely.com
    volumes:
    - <path_to_folder>/openid.yml:/openid.yml:ro
LDAP
1. Open terminal and go to the Supervisely configs folder
$ cd $(sudo supervisely where)
2. Create docker-compose.override.yml file
version: '2.4'
​
services:
  api:
    environment:
      LDAP_SERVER_URL: <server_url>
      LDAP_BIND_DN: <bind_dn>
      LDAP_DN_CREDENTIALS: <password_for_bind_dn>
      LDAP_SEARCH_FILTER: <search_filter>
      LDAP_SEARCH_BASE: <search_base>
3. Execute the following command
$ sudo supervisely up -d
docker-compose.override.yml example
version: '2.4'
​
services:
  api:
    environment:
      LDAP_SERVER_URL: ldap://example:389
      LDAP_BIND_DN: cn=root
      LDAP_DN_CREDENTIALS: secret
      LDAP_SEARCH_FILTER: (uid={{username}})
      LDAP_SEARCH_BASE: dc=example, dc=org
Remote Storage
CDN
Last modified 3mo ago