SSO Using Dex ENTERPRISE
This page explains how to configure Dex and then configure Styra.
Dex acts as a "shim" for a variety of back-end identity providers. The configuration details will vary depending on the backend identity provider, so you should refer to the current documentation for Dex, found here. Dex may be run stand alone, or in a container. Configure Dex with the appropriate identity management connector as described in the connectors section.
Ensure that an IPV4 TCP connection exists between the Dex server and Syra DAS on the required ports. (default 5555:5556)
Go to your Workspace, click Access Control >> Single Sign-On Providers and then click OpenID Connect >> + Add OpenID Connect Provider.
Enter the form with the following details:
- Provider name: Choose anything that is meaningful.
- Issuer URL: Supply the URL of the Dex Server.
- Client ID: Supply the Client ID value from the identity provider.
- Client Secret: Copy the Client secret from the identity provider.
- Allowed Domains: Type the allowed authentication domain(s) of your users. For example, retail.acme.com. If the identity provider supports multiple domains, only users with these domains are allowed to access the service.
- Invited users only: If enabled, the authenticated user must have a pre-existing account in the service. If disabled, a new user account will be created just-in-time for any authenticated user, as long as the user's domain matches one of the allowed domains (and the identity provider has assigned this user to the Styra application).
- Enabled: set it to TRUE.
If you selected just-in-time provisioning for the users, you can now logout and sign-in again. The configured identity provider is now displayed on the login screen above the username and password.