diff --git a/dashboard/dashboard-session-sso.md b/dashboard/dashboard-session-sso.md index 89a11d4a1d57c..ecb52bce0cfb0 100644 --- a/dashboard/dashboard-session-sso.md +++ b/dashboard/dashboard-session-sso.md @@ -92,7 +92,7 @@ Once SSO is configured for TiDB Dashboard, you can sign in via SSO by taking fol 3. You are redirected back to TiDB Dashboard to finish the sign-in. -## Example: Use Okta for TiDB Dashboard SSO sign-in +## Example 1: Use Okta for TiDB Dashboard SSO sign-in [Okta](https://www.okta.com/) is an OIDC SSO identity service, which is compatible with the SSO feature of TiDB Dashboard. The steps below demonstrate how to configure Okta and TiDB Dashboard so that Okta can be used as the TiDB Dashboard SSO provider. @@ -104,7 +104,7 @@ First, create an Okta Application Integration to integrate SSO. 2. Navigate from the left sidebar **Applications** > **Applications**. -3. Click **Create App Integration**。 +3. Click **Create App Integration**. ![Sample Step](/media/dashboard/dashboard-session-sso-okta-1.png) @@ -153,3 +153,53 @@ First, create an Okta Application Integration to integrate SSO. ![Sample Step 3](/media/dashboard/dashboard-session-sso-okta-info-3.png) Now TiDB Dashboard has been configured to use Okta SSO for sign-in. + +## Example 2: Use Auth0 for TiDB Dashboard SSO sign-in + +Similar to Okta, [Auth0](https://auth0.com/) also provides OIDC SSO identity service. The following steps describe how to configure Auth0 and TiDB Dashboard so that Auth0 can be used as the TiDB Dashboard SSO provider. + +### Step 1: Configure Auth0 + +1. Access the Auth0 administration site. + +2. Navigate on the left sidebar **Applications** > **Applications**. + +3. Click **Create App Integration**. + + ![Create Application](/media/dashboard/dashboard-session-sso-auth0-create-app.png) + + In the popped-up dialog, fill **Name**, for example, "TiDB Dashboard". Choose **Single Page Web Applications** in **Choose an application type**. Click **Create**. + +4. Click **Settings**. + + ![Settings](/media/dashboard/dashboard-session-sso-auth0-settings-1.png) + +5. Fill **Allowed Callback URLs** as follows: + + ``` + http://DASHBOARD_IP:PORT/dashboard/?sso_callback=1 + ``` + + Replace `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port that you use to access the TiDB Dashboard in your browser. + +6. Fill **Allowed Logout URLs** as follows: + + ``` + http://DASHBOARD_IP:PORT/dashboard/ + ``` + + Similarly, replace `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port. + + ![Settings](/media/dashboard/dashboard-session-sso-auth0-settings-2.png) + +7. Keep the default values for other settings and click **Save Changes**. + +### Step 2: Obtain OIDC information and fill in TiDB Dashboard + +1. Fill **OIDC Client ID** of TiDB Dashboard with **Client ID** in **Basic Information** under the **Settings** tab of Auth0. + +2. Fill **OIDC Discovery URL** with the **Domain** field value prefixed with `https://` and suffixed with `/`, for example, `https://example.us.auth0.com/`. Complete authorization and save the configuration. + + ![Settings](/media/dashboard/dashboard-session-sso-auth0-settings-3.png) + +Now TiDB Dashboard has been configured to use Auth0 SSO for sign-in. diff --git a/media/dashboard/dashboard-session-sso-auth0-create-app.png b/media/dashboard/dashboard-session-sso-auth0-create-app.png new file mode 100644 index 0000000000000..74fc2fe50470e Binary files /dev/null and b/media/dashboard/dashboard-session-sso-auth0-create-app.png differ diff --git a/media/dashboard/dashboard-session-sso-auth0-settings-1.png b/media/dashboard/dashboard-session-sso-auth0-settings-1.png new file mode 100644 index 0000000000000..4ee9b4fcef17c Binary files /dev/null and b/media/dashboard/dashboard-session-sso-auth0-settings-1.png differ diff --git a/media/dashboard/dashboard-session-sso-auth0-settings-2.png b/media/dashboard/dashboard-session-sso-auth0-settings-2.png new file mode 100644 index 0000000000000..5a3fe11915db8 Binary files /dev/null and b/media/dashboard/dashboard-session-sso-auth0-settings-2.png differ diff --git a/media/dashboard/dashboard-session-sso-auth0-settings-3.png b/media/dashboard/dashboard-session-sso-auth0-settings-3.png new file mode 100644 index 0000000000000..c340088308815 Binary files /dev/null and b/media/dashboard/dashboard-session-sso-auth0-settings-3.png differ