Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Early Access
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
    • Overview of Konnect
    • Architecture
    • Network Resiliency and Availability
    • Port and Network Requirements
    • Compatibility
    • Stages of Software Availability
    • Release Notes
      • Control Plane Upgrades FAQ
      • Supported Installation Options
    • Overview
    • Access a Konnect Account
    • Set up a Runtime
    • Configure a Service
    • Implement and Test the Service
      • Publish and Consume Services
      • Register Applications
    • Import Kong Gateway Entities into Konnect
    • Overview
      • Overview
      • Dashboard
      • Manage Runtime Groups with UI
      • Manage Runtime Groups with decK
      • Installation Options
      • Install with Docker
      • Install on Kubernetes
      • Install on Linux
      • Install on AWS
      • Install on Azure
      • Upgrade a Runtime Instance to a New Version
      • Renew Certificates
      • Runtime Parameter Reference
      • Overview
      • Runtime Configuration
    • Create Consumer Groups
      • Overview
      • Set Up and Use a Vault in Konnect
    • Plugin Ordering Reference
    • Troubleshoot
    • Overview
      • Konnect Services
      • Service Versions
      • Service Implementations
      • Manage Service Documentation
      • Overview
      • Configure a Plugin on a Service
      • Configure a Plugin on a Route
    • Overview
    • Access the Dev Portal
    • Sign Up for a Dev Portal Account
      • Manage Developer Access
      • Manage Application Registration Requests
      • Manage Application Connections
      • Auto Approve Dev and App Registrations
      • Azure OIDC
      • Application Overview
      • Enable and Disable App Registration
        • Okta
        • Curity
        • Auth0
      • Create, Edit, and Delete an Application
      • Register an Application with a Service
      • Generate Credentials for an Application
    • Customize Dev Portal
    • Troubleshoot
    • Introduction to Analytics
    • Summary Dashboard
    • Analyze Services and Routes
    • Generate Reports
    • Troubleshoot
      • Manage a Konnect Account or Plan
      • Change to a Different Plan
      • Manage Payment Methods and Invoices
      • Overview
        • Overview
        • Manage Teams
        • Teams Reference
        • Roles Reference
      • Manage Users
      • Set up SSO with OIDC
      • Set up SSO with Okta
    • Account and Org Deactivation
    • Troubleshoot
    • Overview
      • API Documentation
      • Identity Integration Guide
      • API Documentation
      • Overview
      • Nodes
      • Data Plane Certificiates
        • Services
        • Routes
        • Consumers
        • Plugins
        • Upstreams
        • Certificates
        • CA Certificates
        • SNIs
        • Targets
        • Vaults
      • API Spec
      • Filtering

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Prerequisites
  • Set up SSO in Konnect
  • Test and apply the configuration
Kong Konnect
  • Home
  • Kong Konnect
  • Org Management
  • Set up SSO with OpenID Connect

Set up SSO with OpenID Connect

As an alternative to Kong Konnect’s native authentication, you can set up single sign-on (SSO) access to Konnect through an identity provider (IdP) with OpenID Connect. This authentication method allows your users to log in to Kong Konnect using their IdP credentials, without needing a separate login.

You can’t mix authentication methods in Kong Konnect. With IdP authentication enabled, all non-admin Konnect users have to log in through your IdP. Only the Konnect org owner can continue to log in with Konnect’s native authentication.

Prerequisites

  • Konnect must be added to your IdP as an application
  • Claims are set up in your IdP

Set up SSO in Konnect

  1. In Kong Konnect, click cogwheel icon Settings, and then Auth Settings.

  2. Click Configure provider for OIDC.

  3. Paste the issuer URI from your IdP in the Issuer URI box.

  4. Paste the client ID from your IdP in the Client ID box.

  5. Paste the client secret from your IdP in the Client Secret box.

  6. In the Organization Login Path box, enter a unique string. For example: examplepath.

    Konnect uses this string to generate a custom login URL for your organization.

    Requirements:

    • The path must be unique across all Konnect organizations. If your desired path is already taken, you must to choose another one.
    • The path can be any alphanumeric string.
    • The path does not require a slash (/).
  7. Click Save.

Test and apply the configuration

Important: Keep built-in authentication enabled while you are testing IdP authentication. Only disable built-in authentication after successfully testing IdP authentication.

You can test the SSO configuration by navigating to the login URI based on the organization login path you set earlier. For example: cloud.konghq.com/login/examplepath. If your configuration is set up correctly, you will see the IdP sign-in window.

You can now manage your organization’s user permissions entirely from the IdP application.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023