In Kaptain, authenticating users and user groups is carried out by DKP’s Dex instance. To use an alternative external identity provider as an authenticator, you can set up DKP’s Dex to use the identity provider of your choice.
When you install Kaptain in your management cluster, the identity provider of your choice is already integrated with your DKP Dex instance, so no further steps are required for you to be able to enable access to your Kaptain instance with the credentials defined with your identity provider.
When Kaptain is installed in a managed cluster, ensure the managed cluster can communicate with the Dex instance in the management cluster. For this, configure Kaptain to authenticate with a DKP management cluster via Dex.
Access Kaptain with your Identity provider credentials
Open the log-in page to access Kubeflow’s dashboard of Kaptain.
Select Log in with your identity provider.
Use your credentials to access Kubeflow’s dashboard for Kaptain.
Limit access to pre-defined groups
Access the DKP UI.
Enterprise only: Select your target workspace from the top menu bar.
Select Applications from the sidebar menu.
Search the Kaptain application card, either by filtering the name or scrolling down to find it.
Select the three dot menu > Edit in the Kaptain application card.
In the Configure Service field, enter the following variables to update the ingress values. Provide or delete the names of the groups you want to add or remove:
ingress: oidcGroupsAllowList: <group1>,<group2>
If you need the Authentication Service to accept
ServiceAccountTokens, include the
ingress: oidcGroupsAllowList: <group1>,<group2>,system:serviceaccounts