58 lines
2 KiB
Markdown
58 lines
2 KiB
Markdown
|
---
|
||
|
title: HashiCorp Cloud Platform
|
||
|
---
|
||
|
|
||
|
<span class="badge badge--secondary">Support level: Community</span>
|
||
|
|
||
|
## What is HashiCorp Cloud
|
||
|
|
||
|
From https://cloud.hashicorp.com/
|
||
|
|
||
|
:::note
|
||
|
HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more.
|
||
|
:::
|
||
|
|
||
|
## Preparation
|
||
|
|
||
|
The following placeholders will be used:
|
||
|
|
||
|
- `authentik.company` is the FQDN of authentik.
|
||
|
|
||
|
### Step 1 - HashiCorp Cloud
|
||
|
|
||
|
Login in under https://portal.cloud.hashicorp.com. Navigate to the _Settings_ entry in the sidebar, then _SSO_. Enable SSO and configure domain verification for the domain your users email have.
|
||
|
|
||
|
Under _Initiate SAML integration_, copy _SSO Sign-On URL_ and _Entity ID_.
|
||
|
|
||
|
### Step 2 - authentik
|
||
|
|
||
|
In authentik, under _Providers_, create a _SAML Provider_ with these settings:
|
||
|
|
||
|
:::note
|
||
|
Only settings that have been modified from default have been listed.
|
||
|
:::
|
||
|
|
||
|
**Protocol Settings**
|
||
|
|
||
|
- Name: HashiCorp Cloud
|
||
|
- ACS URL: _Value of **SSO Sign-On URL** from above_
|
||
|
- Issuer: _Value of **Entity ID** from above_
|
||
|
- Service Provider Binding: Post
|
||
|
- Audience: _Value of **Entity ID** from above_
|
||
|
|
||
|
Open _Advanced protocol settings_, and ensure a signing certificate is selected, and all default property mappings are selected.
|
||
|
|
||
|
Create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings.
|
||
|
|
||
|
- Name: HashiCorp Cloud
|
||
|
- Slug: hashicorp-cloud
|
||
|
- Provider: HashiCorp Cloud
|
||
|
|
||
|
### Step 3 - HashiCorp Cloud
|
||
|
|
||
|
Open the Application's page in authentik and click on the provider name. Copy the value of _SSO URL (Redirect)_ and paste it into the _SAML IDP Single Sign-On URL_ field in the HashiCorp Cloud settings.
|
||
|
|
||
|
Download the certificate, open it in a text editor, and paste the contents into _SAML IDP Certificate_ in the HashiCorp Cloud settings.
|
||
|
|
||
|
Afterwards, logging in to HashiCorp Cloud with any email address ending in the domains verified above will redirect to your authentik instance, if those email addresses don't have an existing account.
|