Configure Mission Control to use OpenID Connect (OIDC) for authentication
Mission Control can use either OpenID Connect (OIDC) or Lightweight Directory Access Protocol (LDAP) for authentication. This topic explains how to configure OIDC. For the other supported authentication protocol, see Configure Mission Control to use LDAP.
Prerequisites
- An instance of Mission Control, installed through either your own Kubernetes cluster or the runtime installer. See planning for your installation.
- A downloaded Mission Control license file.
  Mission Control requires a license file to provide Kubernetes Off-The-Shelf (KOTS) or Helm with required information for installation. Information includes customer identifiers, software update channels, and entitlements.
  Are you exploring Mission Control as a solution for your organization? Fill out this registration form to request a community edition license.
  If you need a replacement license file or a non-community edition, or want to convert your Public Preview license to use a stable channel release version, contact your account team.
- A prepared environment on either bare-metal/VM or an existing Kubernetes cluster.
- Reference the OIDC configuration, connector fields and values information.
Configure Mission Control to use OIDC for authentication
To configure Mission Control to use OIDC for authentication, follow the steps for your installation type.
- KOTS installation
- Helm installation
KOTS installation
- Port-forward to the admin console:
    kubectl kots admin-console
- Navigate to http://127.0.0.1:8800 (password: admin) to edit the Mission Control configuration and enable the OIDC connector.
- Complete the Authentication and Connector sections by providing your environment’s OIDC settings.
  See the Dex OIDC connector documentation for available fields and their descriptions.
- Deploy the new configuration.
- Navigate to the Mission Control UI, and then click Sign in with OpenID Connect to test the connection.
- Optional: Remove the admin user in the Mission Control configuration to remove the Sign in with Email option.
Helm installation
- Configure the OIDC connector in your values.yaml file under the dex section:
    dex:
      config:
        connectors:
          - type: oidc
            id: oidc
            name: OpenID Connect
            config:
              # Add your OIDC configuration here
  See the Dex OIDC connector documentation for available fields and their descriptions.
- Apply the updated configuration:
    helm upgrade mission-control ./mission-control -f values.yaml
- Navigate to the Mission Control UI, and then click Sign in with OpenID Connect to test the connection.
- Optional: Remove the admin user in the Mission Control configuration to remove the Sign in with Email option.
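As an added example (not part of the Mission Control or Dex documentation), the following Python check compares the connector's config mapping with the identity provider's discovery document before you deploy or run helm upgrade. The keys are Dex OIDC connector fields; the hostnames, client ID, callback path and the check_connector helper are constructed for illustration.

```python
"""Pre-deployment checks for a Dex `oidc` connector config (added example)."""
from urllib.parse import urlsplit

# Constructed sample input: hostnames, client ID and callback path are made up.
SAMPLE_CFG = {
    "issuer": "https://idp.example.com/",            # note the trailing slash
    "clientID": "mission-control",
    "clientSecret": "",
    "redirectURI": "http://mc.example.com/callback",
    "insecureSkipEmailVerified": True,
}
# Constructed stand-in for <issuer>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
}


def check_connector(cfg, discovery):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # OIDC Discovery requires the advertised issuer to be identical to the
    # configured one, so a trailing slash or different host is a mismatch.
    if discovery.get("issuer") != cfg.get("issuer"):
        findings.append("issuer mismatch: configured %r, advertised %r"
                        % (cfg.get("issuer"), discovery.get("issuer")))
    # The authorization code and tokens must not cross plain HTTP.
    for key in ("issuer", "redirectURI"):
        if urlsplit(cfg.get(key) or "").scheme != "https":
            findings.append(key + " is not an https URL")
    for key in ("clientID", "clientSecret"):
        if not cfg.get(key):
            findings.append(key + " is empty")
    # Dex names these options "insecure"; flag them for explicit review.
    for key in ("insecureSkipEmailVerified", "insecureEnableGroups"):
        if cfg.get(key):
            findings.append(key + " is enabled")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key not in discovery:
            findings.append("discovery document lacks " + key)
    return findings


if __name__ == "__main__":
    for finding in check_connector(SAMPLE_CFG, SAMPLE_DISCOVERY):
        print("FINDING:", finding)
```

In practice, pass the parsed config mapping from values.yaml and the JSON fetched from your provider's discovery URL in place of the constructed samples.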