This guide walks you through the process of configuring Clavister IdAuth Cloud and Portainer to establish seamless integration using OpenID Connect between the two systems. To achieve this, you will need to perform specific configuration steps in both Portainer and Clavister Cloud Services. The guide uses our example company ShieldIT as<company_name> through the different steps.

Assumptions

The Portainer server is on https://portainer.fqdn:9443/, and your Clavister IdAuth URL is https://shieldit.sase.eu/ , replace with the real hostnames.

Clavister IdAuth Cloud Configuration

1. Navigate to Add-ons and OpenID Connect Provider
2. Click on Add new button and choose the Custom type
3. Provide a name for the Relaying Party
4. Enter the Redirect URI, https://portainer.fqdn:9443/
5. Save

Portainer Configuration

1. Navigate to Settings and Authentication
2. Select OAuth
3. Enable Automatic user provisioning 
4. Enable Automatic team provisioning
   1. Claim name - groups
   2. Enable Assign admin rights to group(s) - the Role in IdAuth Cloud that should give admin rights
5. Select Custom OAuth provider and fill in the following OAuth Configuration
   1. Client ID - Copy from the previous created OpenID Connect Provider
   2. Client secret - Copy from the previous created OpenID Connect Provider
   3. Authorization URL - https://iam.shieldit.sase.eu/authentication/oidc/oidc/login
   4. Access token URL - https://iam.shieldit.sase.eu/authentication/oidc/oidc/token
   5. Resource URL - https://iam.shieldit.sase.eu/authentication/oidc/oidc/userinfo
   6. Redirect URL - https://portainer.fqdn:9443/
   7. Logout URL - https://iam.shieldit.sase.eu/authentication/oidc/oidc/logout
   8. User identifier - sub
   9. Scopes - openid
   10. Auth Style - Auth Decect
6. Save settings

Related articles