Authentication settings

• Use OpenID – enable OpenID for OAuth endpoint

• Self-signed cert – Force OAuth to validate self-signed certificate from provided certificates

• Server URL – URL where current DQM deployment is hosted

• Auth endpoint – OAuth server authentication endpoint

• Token endpoint – OAuth server token endpoint

• Client ID – OAuth client ID

• Client Secret – OAuth client secret (Can be entered, when key icon is green)

• Scope – OAuth authorization scope

• Username field – OAuth username field

Examples:

Google OAuth

Okta OAuth

tip

Certification file must be added when using ldaps (ldap over TLS/SSL)

• Server – LDAP server, either ldap or ldaps (when using custom port you can include it in the url)

• Base DN – LDAP server root distinguished name (If group name has whitespaces then wrap it between quotes e.g. OU=”group name”)

• User DN – Optional user DN which will be prepended to base DN for user search

• Group DN – Optional group DN which will be prepended to base DN for group search

• Group filter – For LDAP we can do additional query to see if user belongs to a certain group. For example:

  (&(objectClass=groupOfUniqueNames)(uniqueMember=uid={username},ou=people,dc=selectzero,dc=io)(cn=developers))

  • objectClass - searchable object class 'groupOfUniqueNames'

  • uniqueMember - LDAP group unique member attribute, where {username} is the placeholder

  • cn - group where we want to search the member from

• Search by – LDAP filter for search user (for example uid)

• Name field – If "Create user on first log in" is enabled, we can assign display name from user attribute

tip

Certification file must be added when using ldaps (ldap over TLS/SSL)

• Server – AD server, either ldap or ldaps (when using custom port you can include it in the url)

• Base DN – AD server root distinguished name (If group name has whitespaces then wrap it between quotes e.g. OU=”group name”)

• Group filter – For AD we can include filter with our AD user query for checking user group. For example:

  (memberOf=CN=Developers,OU=Groups,DC=selectzero,DC=io)

  • memberOf - group DN to search for

• Search by – AD filter for search user (for example sAMAccountName)

• Name field – If "Create user on first log in" is enabled, we can assign display name from user attribute

• Domain – AD domain