From a10e67bc0adab0ddbfeb02e9697d9895cb2366c9 Mon Sep 17 00:00:00 2001 From: dishanktiwari2501 Date: Tue, 16 Jan 2024 12:01:49 +0530 Subject: [PATCH] updated the SaaS pages Signed-off-by: dishanktiwari2501 --- content/sass/_index.md | 182 +++++++++++----------------- content/sass/get_started.md | 188 ++++++++++++++++++----------- content/sass/opsworks_migration.md | 59 +++++++++ content/sass/sso.md | 78 ++++++------ 4 files changed, 284 insertions(+), 223 deletions(-) diff --git a/content/sass/_index.md b/content/sass/_index.md index f11f36ce04..cb66875a97 100644 --- a/content/sass/_index.md +++ b/content/sass/_index.md 
@@ -13,168 +13,126 @@ draft = false weight = 10 +++ -This getting started guide will walk through the necessary setup and configuration for Chef SaaS to connect and begin to utilize of the solution. -## Prerequisites -1. A System to install Chef Workstation - * Supported Platforms and System Requirements - https://docs.chef.io/workstation/install_workstation/ -1. Chef SaaS Starter Kit (Provided by Progress Chef) - * SaaS Environment URL - * SaaS Credentials +This guide is a quick start for Chef SaaS. - * Pivotal PEM file for the initial setup of the environment (this PEM is only temporary and will be replaced in a later step) +## Quick Start for Automate SAAS -## Connect to Chef SaaS +Steps to start your Automate SaaS journey is given below: -Connect to the URL provided by Progress Chef and login with the admin account credentials to ensure that the environment is ready to be configured. +{{< note >}} Prerequisites: Workstation setup already installed. {{< /note >}} -## Add an Infra Server in Chef SaaS Web UI +1. Once you have the credentials, verify it by logging in to the environment through the Automate user interface. -Connected to the Chef SaaS Automate Web User Interface, following these steps to add the Infra Server to the environment. +1. Once you have logged in, test the `admin` user and connect their Workstation to SaaS. -1. Select Infrastructure in the top navigation. +If you do not have a workstation setup, follow the steps given below: -1. Select Chef Infra Servers in the left-hand navigation. +1. [Install](https://downloads.chef.io/tools/workstation) Chef Workstation. -1. Click Add Chef Infra Server +1. You will receive an e-mail in your provided mail id. The e-mail contains the server information. Use the server information to create your connection to Automate SaaS. -1. Enter the following fields: +1. Once you are connected, start connecting the nodes to Automate SaaS. - * Provide a unique Name for the Chef Infra Server. 
+## Workstation Test - * Ensure that the Type selected is FQDN. +To start with the Workstation Test, go through the [Getting Started](https://docs.chef.io/workstation/getting_started/) section of Workstation. - * Enter the FQDN by copying the same URL that was used to connect to the Automate Web User Interface. (Example: mycompany-demo.saas.chef.io) +### Configure Your User Credentials File - IMAGE +Your `.chef` directory contains a credentials file for communicating with the **Chef Infra Server**. You can generate the `.chef` file by running Knife Configure or by following the prompts. -1. Select Add Chef Infra Server. +The knife configure command requires the following values: -## Download Chef Workstation +* **Chef Server URL:** The full URL to your Chef Infra Server including the `org`. +* **Client Name:** The client name of the Server Administrator created for you. -https://downloads.chef.io/tools/workstation - -## Install Chef Workstation - -https://docs.chef.io/workstation/install_workstation/ - -## Setup Chef Workstation - -### Setup Chef Repo - -If you’re setting up Chef for the very first time in your organization, then you will need a Chef Infra repository for saving your cookbooks and other work. The chef-repo is a directory on your workstation that stores everything you need to define your infrastructure with Chef Infra: - -1. Cookbooks (including recipes, attributes, custom resources, libraries, and templates) - -1. Data bags - -1. Policyfiles - -Use the chef generate repo command to create your Chef Infra repository. 
For example, to create a repository called chef-repo: +Your Chef administrator should provide the following information: ```sh -chef generate repo chef-repo +current_dir = File.dirname(__FILE__) +log_level :info +log_location STDOUT +node_name "hshefu" +client_key "#{current_dir}/hshefu.pem" +chef_server_url https://api.chef.io/organizations/4thcafe-web-team +cookbook_path ["#{current_dir}/../cookbooks"] ``` -### Setup Chef Credentials file - -To continue with the configuration of Workstation with Chef SaaS, a credentials file must be created. This file will be updated with new credentials that are created later in the setup. - -1. On workstation run: knife configure init - -1. This will prompt you with several questions: - - * Enter the Chef Server URL provided in the Starter Kit (Example: mycompany-demo.saas.chef.io) - - * For the existing username or clientname for the API, enter pivotal which is the Super User account provided in the Starter Kit. - -1. Ensure that the pivotal.pem file provided in the Starter Kit is copied to the ~/.chef directory prior to running any additional commands with Knife. - -The credentials file that gets created in the ~/.chef directory should look similar to this: - -IMAGE +Use the `chef_server_url` and `node_name` values from the file when running knife configure. -### Create Organization in CLI - -A Chef Organization must be added to Infra Server and acts as a top-level entity for role-based access control. Use the knife org create command to create your Chef Organization. For example, to create an Organization called myorg: - -```sh -Knife org create myorg “My New Organization” -``` - -The private key for the organization’s validator client is returned. - -### Create User in CLI - -A new user must be created which will be associated with the new Chef Organization and will be leveraged in the credentials file. Use the knife user create command to create your new user account. 
For example, to create a User named chefadmin: - -```sh -knife user create chefadmin --first-name Chef --last-name Admin --email chefadmin@mycompany.com –password securepassword -f chefadmin.pem -``` - -Ensure the new chefadmin.pem file that is created with this command is copied to the ~/.chef directory prior to updating credentials file later in this document. - -### Add New User to Organization in CLI - -Now that the Organization and User are created, the two must be associated together. Use the knife org user command to add the user to an organization. For example, to add the User named chefadmin to the Organization called myorg: - -```sh -knife org user add myorg chefadmin -``` +## Verify Client-to-Server Communication -### Update Credentials file to use new account +To verify that the Chef Workstation can connect to the Chef Infra Server: -The credentials file located under the ~/.chef directory on Chef Workstation needs to be updated to reflect the new Organization, User, and PEM file. +Run the following command on the command line: -1. Navigate to ~/.chef +### Knife Client List -1. Modify the credentials file +### Workstation Setup - * Change the client_name to the new account that was created (Example: chefadmin) +1. To set up the workstation on your instance follow these steps: - * Change the client_key to the new PEM file that was created (Example: ‘home/admin/.chef/chefadmin.pem’ + * Install the latest version of Chef Workstation on the Ubuntu system. 
Install the version using the command shown below: - * Change the chef_server_url to include the new Organization (Example: ‘https://mycompany-demo.saas.chef.io/organizations/myorg’ + ```sh + wget https://packages.chef.io/files/stable/chef-workstation/21.2.524/ubuntu/20.04/chef-workstation_21.2.524-1_amd64.deb + ``` - * Save and Quit + * For Deb packaging run the following command: - IMAGE + ```sh + dpkg -i chef-workstation_21.2.524-1_amd64.deb + ``` -### Create Organization in Web User Interface + * Verify installation by running the following command: -The following steps will add the Organization in the Chef SaaS Web User Interface to allow for visualization of Cookbooks, Data Bags, Nodes, Policyfiles, etc. Connect to the URL provided by Progress Chef and login with the admin account credentials. + ```sh + chef -v + ``` -1. Select Infrastructure in the top navigation. + For additional information refer to the [Install Workstation](https://docs.chef.io/workstation/install_workstation/) page. -1. Select Chef Infra Servers in the left-hand navigation. + * Generate `chef-repo` using the following command: -1. Select the Infra Server that was created earlier. + ```sh + chef generate repo chef-repo + ``` -1. Click Add Chef Organization. + For additional information refer to the [Getting Started](https://docs.chef.io/workstation/getting_started/) page of Workstation. - * Provide the Name of the Organization that was created earlier in the CLI. (Example: myorg) + * Paste the `pem` file of user inside `/root/.chef/`. - * For Admin User, enter the new account that was created earlier (Example: chefadmin) + * Paste the `pem` file of node you want to bootstrap inside `/root/.ssh/`. 
- * For Admin Key, paste the contents of the new PEM file that was created along with the account (Example: chefadmin.pem) + * Edit credentials file using the following command: - * Click Add Chef Organization + ```sh + vi /root/.chef/credentials + ``` -IMAGE + Provide the name of the user created in **chef_server**, the correct path of `pem` file of the user, and the chef server URL and organization name. -### Run Knife SSL Check + ```sh + [default] + client_name = "" + client_key = "/root/.chef/" + chef_server_url = "https://demo-server.saas.chef.io/organizations//" + ``` -Chef SaaS leverages public certificates to ensure a secure connection to the service. It is always best to run an SSL check on Workstation to verify that the certificate is trusted to eliminate any connection issues. + * Run bootstrap command using the following command: -1. Run the following command: knife ssl check and ensure a successful message is displayed. + ```sh + knife bootstrap -i ~/ -U ubuntu -N --sudo + ``` -### Run Knife client list +* **Public IP**: Public IP is the IP address of node which we are bootstrapping. -Lastly, run a client list command to verify that a successful connection can be made to the new organization. +* **pem_file_of_node**: `pem` file of node which we have saved at `/root/.ssh/`. -1. Run the following command: knife client list and ensure a validator entry is returned (Example: myorg-validator) +* **name_of_node**: You can provide any name to your node. diff --git a/content/sass/get_started.md b/content/sass/get_started.md index 0c8005751d..d3a30fb4a5 100644 --- a/content/sass/get_started.md +++ b/content/sass/get_started.md @@ -1,7 +1,6 @@ +++ title = "Get Started with Chef SaaS" draft = false - [menu] [menu.saas] title = "Get Started" 
@@ -10,120 +9,167 @@ draft = false weight = 20 +++ -This guide is a quick start for Chef SaaS. +This getting started guide will walk through the necessary setup and configuration for Chef SaaS to connect and begin to utilize the solution. + +## Prerequisites + +1. A System to install Chef Workstation + + * Supported Platforms and System Requirements - https://docs.chef.io/workstation/install_workstation/ + +1. Chef SaaS Starter Kit (Provided by Progress Chef) + + * SaaS Environment URL + + * SaaS Credentials + + * Pivotal PEM file for the initial setup of the environment (this PEM is only temporary and will be replaced in a later step) + +## Connect to Chef SaaS + +Connect to the URL provided by Progress Chef and log in with the admin account credentials to ensure that the environment is ready to be configured. -## Quick Start for Automate SAAS +## Add an Infra Server in Chef SaaS Web UI -Steps to start your Automate SaaS journey is given below: +Connected to the Chef SaaS Automate Web User Interface, following these steps to add the Infra Server to the environment. -{{< note >}} Prerequisites: Workstation setup already installed. {{< /note >}} +1. Select Infrastructure in the top navigation. -1. Once you have the credentials, verify it by logging in to the environment through the Automate user interface. +1. Select Chef Infra Servers in the left-hand navigation. -1. Once you have logged in, test the `admin` user and connect their Workstation to SaaS. +1. Click Add Chef Infra Server -If you do not have a workstation setup, follow the steps given below: +1. Enter the following fields: -1. [Install](https://downloads.chef.io/tools/workstation) Chef Workstation. + * Provide a unique Name for the Chef Infra Server. -1. You will receive an e-mail in your provided mail id. The e-mail contains the server information. Use the server information to create your connection to Automate SaaS. + * Ensure that the Type selected is FQDN. -1. 
Once you are connected, start connecting the nodes to Automate SaaS. + * Enter the FQDN by copying the same URL used to connect to the Automate Web User Interface. (Example: mycompany-demo.saas.chef.io) -## Workstation Test + IMAGE -To start with the Workstation Test, go through the [Getting Started](https://docs.chef.io/workstation/getting_started/) section of Workstation. +1. Select Add Chef Infra Server. -### Configure Your User Credentials File +## Download Chef Workstation -Your `.chef` directory contains a credentials file for communicating with the **Chef Infra Server**. You can generate the `.chef` file by running Knife Configure or by following the prompts. +https://downloads.chef.io/tools/workstation -The knife configure command requires the following values: +## Install Chef Workstation -* **Chef Server URL:** The full URL to your Chef Infra Server including the `org`. -* **Client Name:** The client name of the Server Administrator created for you. +https://docs.chef.io/workstation/install_workstation/ -Your Chef administrator should provide the following information: +## Setup Chef Workstation + +### Setup Chef Repo + +If you’re setting up Chef for the very first time in your organization, then you will need a Chef Infra repository for saving your cookbooks and other work. The chef-repo is a directory on your workstation that stores everything you need to define your infrastructure with Chef Infra: + +1. Cookbooks (including recipes, attributes, custom resources, libraries, and templates) + +1. Data bags + +1. Policyfiles + +Use the chef generate repo command to create your Chef Infra repository. 
For example, to create a repository called chef-repo: ```sh -current_dir = File.dirname(__FILE__) -log_level :info -log_location STDOUT -node_name "hshefu" -client_key "#{current_dir}/hshefu.pem" -chef_server_url https://api.chef.io/organizations/4thcafe-web-team -cookbook_path ["#{current_dir}/../cookbooks"] +chef generate repo chef-repo ``` -Use the `chef_server_url` and `node_name` values from the file when running knife configure. +### Setup Chef Credentials file + +To continue configuring Workstation with Chef SaaS, a credentials file must be created. This file will be updated with new credentials that are created later in the setup. + +1. On the workstation run: knife configure init + +1. This will prompt you with several questions: + + * Enter the Chef Server URL provided in the Starter Kit (Example: mycompany-demo.saas.chef.io) -## Verify Client-to-Server Communication + * For the existing username or clientname for the API, enter pivotal which is the Super User account provided in the Starter Kit. -To verify that the Chef Workstation can connect to the Chef Infra Server: +1. Ensure that the pivotal.pem file provided in the Starter Kit is copied to the ~/.chef directory before running any additional commands with Knife. + +The credentials file that gets created in the ~/.chef directory should look similar to this: + +IMAGE + +### Create Organization in CLI + +A Chef Organization must be added to the Infra Server and act as a top-level entity for role-based access control. Use the knife org create command to create your Chef Organization. For example, to create an Organization called myorg: + +```sh +Knife org create myorg “My New Organization” +``` + +The private key for the organization’s validator client is returned. + +### Create a User in CLI + +A new user must be created which will be associated with the new Chef Organization and will be leveraged in the credentials file. Use the knife user create command to create your new user account. 
For example, to create a User named chefadmin: + +```sh +knife user create chefadmin --first-name Chef --last-name Admin --email chefadmin@mycompany.com –password securepassword -f chefadmin.pem +``` + +Ensure the new chefadmin.pem file that is created with this command is copied to the ~/.chef directory before updating the credentials file later in this document. + +### Add New User to Organization in CLI + +Now that the Organization and User are created, the two must be associated together. Use the knife org user command to add the user to an organization. For example, to add the User named chefadmin to the Organization called myorg: + +```sh +knife org user add myorg chefadmin +``` -Run the following command on the command line: +### Update the Credentials file to use a new account -### Knife Client List +The credentials file under the ~/.chef directory on the Chef Workstation must be updated to reflect the new Organization, User, and PEM file. -### Workstation Setup +1. Navigate to ~/.chef -1. To set up the workstation on your instance follow these steps: +1. Modify the credentials file + * Change the client_name to the new account that was created (Example: chefadmin) - * Install the latest version of Chef Workstation on the Ubuntu system. 
Install the version using the command shown below: + * Change the client_key to the new PEM file that was created (Example: ‘home/admin/.chef/chefadmin.pem’ - ```sh - wget https://packages.chef.io/files/stable/chef-workstation/21.2.524/ubuntu/20.04/chef-workstation_21.2.524-1_amd64.deb - ``` + * Change the chef_server_url to include the new Organization (Example: ‘https://mycompany-demo.saas.chef.io/organizations/myorg’ - * For Deb packaging run the following command: + * Save and Quit - ```sh - dpkg -i chef-workstation_21.2.524-1_amd64.deb - ``` + IMAGE - * Verify installation by running the following command: +### Create Organization in Web User Interface - ```sh - chef -v - ``` +The following steps will add the Organization in the Chef SaaS Web User Interface to allow for visualization of Cookbooks, Data Bags, Nodes, Policyfiles, etc. Connect to the URL provided by Progress Chef and log in with the admin account credentials. - For additional information refer to the [Install Workstation](https://docs.chef.io/workstation/install_workstation/) page. +1. Select Infrastructure in the top navigation. - * Generate `chef-repo` using the following command: +1. Select Chef Infra Servers in the left-hand navigation. - ```sh - chef generate repo chef-repo - ``` +1. Select the Infra Server that was created earlier. - For additional information refer to the [Getting Started](https://docs.chef.io/workstation/getting_started/) page of Workstation. +1. Click Add Chef Organization. - * Paste the `pem` file of user inside `/root/.chef/`. + * Provide the Name of the Organization that was created earlier in the CLI. (Example: myorg) - * Paste the `pem` file of node you want to bootstrap inside `/root/.ssh/`. 
+ * For Admin User, enter the new account that was created earlier (Example: chefadmin) - * Edit credentials file using the following command: + * For Admin Key, paste the contents of the new PEM file that was created along with the account (Example: chefadmin.pem) - ```sh - vi /root/.chef/credentials - ``` + * Click Add Chef Organization - Provide the name of the user created in **chef_server**, the correct path of `pem` file of the user, and the chef server URL and organization name. +IMAGE - ```sh - [default] - client_name = "" - client_key = "/root/.chef/" - chef_server_url = "https://demo-server.saas.chef.io/organizations//" - ``` +### Run Knife SSL Check - * Run bootstrap command using the following command: +Chef SaaS leverages public certificates to ensure a secure connection to the service. It is always best to run an SSL check on the Workstation to verify that the certificate is trusted to eliminate any connection issues. - ```sh - knife bootstrap -i ~/ -U ubuntu -N --sudo - ``` +1. Run the following command: knife SSL check and ensure a successful message is displayed. -* **Public IP**: Public IP is the IP address of node which we are bootstrapping. +### Run Knife client list -* **pem_file_of_node**: `pem` file of node which we have saved at `/root/.ssh/`. +Lastly, run a client list command to verify that a successful connection can be made to the new organization. -* **name_of_node**: You can provide any name to your node. +1. Run the following command: knife client list and ensure a validator entry is returned (Example: myorg-validator) diff --git a/content/sass/opsworks_migration.md b/content/sass/opsworks_migration.md index eb1e8a6ba5..9b7989b2fb 100644 --- a/content/sass/opsworks_migration.md +++ b/content/sass/opsworks_migration.md 
@@ -10,3 +10,62 @@ draft = false weight = 30 +++ +This guide will walk you through the migration scenarios from AWS OPSWorks to Chef SaaS. + +{{< note >}} Assuming that you have upgraded to Automate 2.0 {{< /note >}} + +If you have already upgraded to Chef Automate 2.0, no further installation, upgrade or maintenance is required. + +Advantages to migrate from AWS OPSWorks to Chef SaaS is given below: + +1. Customer reviews ans reduced current data as needed. + +1. Creates Data Backup. + +1. Chef creates SaaS account. + +1. Chef restores backup. + +1. Register nodes with Chef SaaS. + +The steps to migrate from AWS OPSWorks to Chef SaaS is given below: + +1. You will get a SaaS environment to start the process. The image is given below: + + IMAGE + +1. Once the environment is created, the environment will be inserted under the monitoring tools. + + IMAGE + +1. As a part of the process, a deployment will take place in a Blue/Green method which will directly link to your public DNS. + + IMAGE + +1. Once the environment is created, you will get: + + * Created default admin user. + + * Created Master PEM and Pivitol User PEM file. + + The above pointers will ensure that the environment can be used as a fresh environment. + +1. Once you receive the generic information that the SaaS environment is ready it is time to make a backup of the OPSWorks environment. + + IMAGE + +1. Download the backup in **.zip** format, once it is created. + + IMAGE + +1. While created a SaaS environment, a S3 bucket has also been created that can be used for storing the backup. The S3 bucket expires in 14 days after the environment set up and will only allow once backup file per bucket. If you provide two or more files, only the last upload will remain in the bucket. + + IMAGE + +1. Once the above steps are done, a backup will be restores into your new SaaS environment. + + IMAGE + +1. Once the restoring is done, you can login to Chef SaaS using your OPSWorks credentials. 
After logging in, you will see data in the environment up to the day of the backup. This will include users, cookbooks, client runs, ECT. + +The last step will be to point you OPSWorks Nodes to the Chef SaaS DNS to have node data flow going forward. diff --git a/content/sass/sso.md b/content/sass/sso.md index 60ff4511b7..2924023981 100644 --- a/content/sass/sso.md +++ b/content/sass/sso.md @@ -1,7 +1,6 @@ +++ title = "Configure SSO for Chef SaaS" draft = false - [menu] [menu.saas] title = "Configure SSO" @@ -10,13 +9,14 @@ draft = false weight = 40 +++ + Single sign-on (SSO) is an authentication method that enables you to securely authenticate and use all services with just one set of credentials. The steps are as follows: -1. Login to automate. Once done, open the **https://your_automate_url/sso** URL in new tab. +1. Login to automate. Once done, open the **https://your_automate_url/sso** URL in a new tab. -2. The above URL will redirect you to the SAML setup page where the you(admin) can set up the Single sign-on configuration using the UI provided. +1. The above URL will redirect you to the SAML setup page where you(admin) can set up the Single sign-on configuration using the UI provided. -3. The Chef SaaS SSO feature supports only SAML-based IDP authentication as of now and will support IDPs according to the [Automate Documentation](https://docs.chef.io/automate/saml/). +1. The Chef SaaS SSO feature supports only SAML-based IDP authentication as of now and will support IDPs according to the [Automate Documentation](https://docs.chef.io/automate/saml/). ## IDP Configuration 
@@ -26,11 +26,12 @@ Chef SaaS SSO feature supports major SAML authentication as per the current supp * [Microsoft 365 and Azure AD IDP configuration for SSO](https://chefio.atlassian.net/wiki/spaces/CPSK/pages/2712142486/Azure+AD+and+Microsoft+365+IDP+configuration+for+SSO) + ## User SSO Integration Journey ### Prerequisites -* The User SSO Integration Journey feature is accessible only for the SaaS admins. +* The User SSO Integration Journey feature is accessible only to the SaaS admins. * Supported IDP is up and ready. @@ -42,10 +43,9 @@ Chef SaaS SSO feature supports major SAML authentication as per the current supp 1. Modify your browser URL with SSO. - * Remove everything after `https://your_automate_url/` from your automate url and add `/sso`. For Example: `https://your_automate_url/dashboard/event-feed` will become `https://your_automate_url/sso` + * Remove everything after `https://your_automate_url/` from your automate URL and add `/sso`. For Example: `https://your_automate_url/dashboard/event-feed` will become `https://your_automate_url/sso` * On navigating to `https://your_automate_url/sso` you will be authenticated and authorized for admin-level privileges and redirected to the Chef-SaaS SSO UI. - IMAGE 1. Fill the form fields with the values provided by your IDP. 
@@ -68,31 +68,31 @@ Chef SaaS SSO feature supports major SAML authentication as per the current supp 1. Refer to the [link](https://chefio.atlassian.net/wiki/spaces/CPSK/pages/2666037294) if any error or validation failures arises. -1. Select **Submit** to set the SSO config. Submit button will be enabled if the form validation is passes. +1. Select **Submit** to set the SSO config. The submit button will be enabled if the form validation is passed. -1. An indication icon will run until setup process is completed. Refer to the image below: +1. An indication icon will run until the setup process is completed. Refer to the image below: IMAGE -1. When the request is completed, you will be able to see if your set up is complete or if there are errors with the configuration. +1. When the request is completed, you will be able to see if your setup is complete or if there are errors with the configuration. - * If request completes user will see SSO Request is complete. Config applied successfully. + * If the request completes user will see the SSO Request is complete. Config applied successfully. * If the request fails user will see SSO Request Failed with an appropriate message. ### Delete the SSO integration -The steps to delete the SSO integration is as follows: +The steps to delete the SSO integration are as follows: -1. Remove **Configuration** button will be enabled once config is present. Click on it to remove the config. +1. Remove the **Configuration** button will be enabled once the config is present. Click on it to remove the config. -1. A popup will appear to confirm if user wants to remove config or not. +1. A popup will appear to confirm if a user wants to remove the config or not. -IMAGE + IMAGE 1. Select **Remove** to start the config removal process. - * An indication icon will be present until configuration is removed. Admin will see SSO request is complete Config removed Successfully. 
+ * An indication icon will be present until the configuration is removed. Admin will see SSO request is complete Config removed Successfully. * In case of error admin will see SSO Request Failed with an appropriate message. @@ -106,7 +106,7 @@ Assuming that the admin has set up its IDP, the admin can go ahead and provide t 1. **Username Attribute:** It is used to refer to a username. The attribute configured in IDP for the username can be passed here. -1. **Entity Issuer URL:** It contains the value of the Identifier (Entity ID). This should be your automate URL with dex callback. Ensure that this is a valid url. Ex- https://your_automate_url/dex/callback +1. **Entity Issuer URL:** It contains the value of the Identifier (Entity ID). This should be your automate URL with dex callback. Ensure that this is a valid URL. Ex- https://your_automate_url/dex/callback 1. **CA Certificate:** This is the (Base64) Certificate value generated by your IDP on app configuration. Ensure that this certificate has -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers. This value should be used as it is and should not contain /n sequences. @@ -133,10 +133,9 @@ Admins can now select **Cancel** used to override the field data that was edited 1. Click on Create App Integration. IMAGE - 1. Select SAML 2.0, and select next. -1. You will be redirected to page where you can create your app. +1. You will be redirected to a page where you can create your app. IMAGE 
@@ -164,23 +163,21 @@ Admins can now select **Cancel** used to override the field data that was edited 1. Add users who can login using this app. - * Click on Assignments then Click on Assign and then to assign to people. Select users from list to add users on the app. + * Click on Assignments then Click on Assign and then to assign to people. Select users from the list to add users to the app. IMAGE -1. Your app will be created click on view SAML setup instruction as shown in below image: - -IMAGE +1. Your app will be created click on view SAML setup instructions as shown below image: -1. Your Okta account is setup now. You can use config provided by okta to setup SAML on automate. + IMAGE -Multiple options can be selected. +1. Your Okta account is set up now. You can use the config provided by Okta to set up SAML on automate. -For use with Azure AD +Multiple options can be selected for use with Azure AD ### Before You Start -This guide assumes you have the following set up: +This guide assumes you have the following setup: 1. Azure AD / Microsoft 365 with Azure AD access @@ -188,15 +185,15 @@ This guide assumes you have the following set up: 1. Chef Automate 2.0 or later version -Steps are as follows: +The steps are as follows: 1. Create an Application in Azure. * Go azure AD portal ([https://portal.azure.com]) and login into it. - * Under Enterprise applications, Select New application and then select Create your own application to create a new application. + * Under Enterprise applications, Select New application and then select Create your application to create a new application. - * Provide name for application. + * Provide a name for the application. * Select Non-Gallery Application option. @@ -206,7 +203,7 @@ Steps are as follows: * Under the Single Sign-On option, fill out the following information: - * In section 1 – Basic SAML Configuration, enter following: + * In section 1 – Basic SAML Configuration, enter the following: IMAGE 
@@ -274,7 +271,7 @@ Steps are as follows: * Logout URL. - * After setup, go to Users and groups for assigning users and groups to the application. + * After setup, go to Users and Groups to assign users and groups to the application. IMAGE 
@@ -284,21 +281,22 @@ Steps are as follows: * Log into chef-automate and then switch to SSO UI i.e https://{your-chef-automate-fqdn}/sso - * Fill the required values: + * Fill in the required values: - * **CA Information:** this is the X.509 Certificate from section 3 above. Copy the downloaded certificate contents and paste as the value for CA Information. + * **CA Information:** This is the X.509 Certificate from section 3 above. Copy the downloaded certificate contents and paste them as the value for CA Information. - * **SSO URL:** This is the value for Identity Provider Single Sign-On URL. Use the Login URL value from Section 4 above. + * **SSO URL:** This is the value for the Identity Provider Single Sign-On URL. Use the Login URL value from Section 4 above. IMAGE - * **Email Attribute:** This is the name of the claim for email. (eg: In our case, it is emailaddress) + * **Email Attribute:** This is the name of the email claim. (eg: In our case, it is emailaddress) - * **Username Attribute:** This is the name of the claim for username. (eg: In our case, it is username) + * **Username Attribute:** This is the name of the claim for the username. (eg: In our case, it is username) - * **Entity Issuer:** This should be the URL provide in section 1 for Identifier (Entity ID). (eg: In our case, it ishttps://{your-chef-automate-fqdn}/dex/callback) + * **Entity Issuer:** This should be the URL provided in section 1 for Identifier (Entity ID). (eg: In our case, it ishttps://{your-chef-automate-fqdn}/dex/callback) - * **Name Id Policy Format:** This should be the Unique User Identifier (Name ID) value from value column for Name ID present in square brackets. eg:- user.userprincipalname [nameid-format:emailAddress]and add it to end of urn:oasis:names:tc:SAML:1.1:. + * **Name Id Policy Format:** This should be the Unique User Identifier (Name ID) value from the value column for Name ID present in square brackets. eg:- user. 
+ userprincipalname [nameid-format:emailAddress]and add it to the end of urn:oasis:names:tc:SAML:1.1:. IMAGE @@ -326,6 +324,6 @@ These values are accepted for name_id_policy_format: * urn:oasis:names:tc:SAML:2.0:nameid-format:transient -Click Submit button to patch the SSO settings on chef-automate +Click the Submit button to patch the SSO settings on the chef-automate Multiple options can be selected.
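Review bot: In the content/sass/_index.md hunk, the added Workstation Setup steps show commands with their arguments missing: `knife bootstrap -i ~/ -U ubuntu -N --sudo` has no host, key file or node name, and the credentials sample has `client_name = ""`, `client_key = "/root/.chef/"` and `organizations//`, although the bullets underneath describe Public IP, pem_file_of_node and name_of_node. Write the placeholders in a form that survives rendering and use the same names as the bullets. In the same hunk, "Run the following command on the command line:" is followed only by the heading `### Knife Client List`, so the verification step has no command, and the config sample is fenced as `sh` with an unquoted `chef_server_url` value while the other string values in that block are quoted. The install step says "latest version" while pinning 21.2.524, installs the downloaded .deb with `dpkg -i` without a checksum check, and places both the user key and the node SSH key under `/root/`. A checksum verification step and a sentence on key file ownership and permissions would be worth adding.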
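Review bot: In the main content/sass/get_started.md hunk, three commands will not run as written: the SSL check step now reads `knife SSL check` where the text removed from _index.md had `knife ssl check`, the organization example starts with a capital `Knife` and wraps its argument in typographic quotes, and the user example has `–password` with an en dash instead of `--password`. Put each of them in a fenced block with plain ASCII so they can be copied. The user example also passes the password as a command-line argument (`securepassword`), which leaves it in shell history, so a prompt-based form is the better thing to document. The Prerequisites say the Pivotal PEM is temporary and will be replaced in a later step, but nothing after "Update the Credentials file to use a new account" tells the reader to remove pivotal.pem from ~/.chef; add that step. The client_key and chef_server_url examples are missing their closing parentheses, and the key path `home/admin/.chef/chefadmin.pem` has no leading slash.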
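Review bot: In content/sass/opsworks_migration.md, the list introduced as "Advantages to migrate from AWS OPSWorks to Chef SaaS" contains process steps (backup created, account created, backup restored, nodes registered) rather than advantages; retitle it as an overview of the migration or replace the items. The S3 step says the bucket expires 14 days after setup and keeps only the last upload, but it does not say how the customer is given access to the bucket or how the backup should be protected while it is transferred, and the final step says the restored data includes users, so that deserves a sentence. The step listing the "Master PEM and Pivitol User PEM file" likewise does not say how those keys are delivered. Typos to fix in the added lines: "ans", "Pivitol", "While created", "once backup file", "will be restores", "ECT", and "point you OPSWorks Nodes".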
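Review bot: In the content/sass/sso.md hunk covering Submit and "Delete the SSO integration", the reworded step "Remove the **Configuration** button will be enabled once the config is present" now reads as an instruction to remove a button, while the line it replaces named the Remove Configuration button; bold the full label and keep it as the subject of the sentence. The same applies to "If the request completes user will see the SSO Request is complete. Config applied successfully.", which folds the UI message into the prose. Quote the message text exactly as the UI shows it, here and in the removal bullet ("SSO request is complete Config removed Successfully"), so readers can match it against what they see.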
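Review bot: At the end of the Okta steps in content/sass/sso.md, the added line "Multiple options can be selected for use with Azure AD" merges two removed lines, "Multiple options can be selected." and "For use with Azure AD", into a sentence that changes their meaning. The second line is followed by "### Before You Start" and the Azure prerequisites, so it looks like the title of the Azure section; keep the two apart and make the Azure line a heading in the document's own style. In the same hunk, "This guide assumes you have the following setup:" should stay "set up", and "as shown below image" needs rewording.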
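Review bot: In the Azure application steps of content/sass/sso.md, "select Create your application" alters a UI label; the removed line had "Create your own application", and menu and button names should be kept verbatim (and ideally bolded, as "**Submit**" is elsewhere in this file). The unchanged context line "Go azure AD portal ([https://portal.azure.com]) and login into it." sits in the same hunk and has a malformed link and wording that could be fixed while this section is being edited.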
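Review bot: In the final content/sass/sso.md hunks, the Name Id Policy Format bullet now breaks the claim value across two lines, ending one with "user." and starting the next with "userprincipalname", which splits `user.userprincipalname` and pushes the continuation out of the bullet. Rejoin it on one line and restate the instruction so it is clear which bracketed part is appended to `urn:oasis:names:tc:SAML:1.1:`, since the list of accepted values that follows is what the admin has to match. Also in these lines, "it ishttps://{your-chef-automate-fqdn}/dex/callback" is missing a space, "[nameid-format:emailAddress]and" likewise, and "patch the SSO settings on the chef-automate" has a stray article.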