Different methods for configuring Okta SSO with Kargo when deploying through the Akuity Platform
When Kargo is deployed through the Akuity Platform, direct access to Helm charts or values.yaml
is not available. However, Okta SSO integration is still fully supported through multiple methods.
Options for Configuring Okta with Kargo
1. UI Configuration (Recommended for Most Users):
SSO integration with Okta can be added directly via the Akuity UI under Kargo > Settings > Access. This method is straightforward and does not require Terraform or file editing.
2. Declarative Specs (For GitOps Users):
A declarative approach is supported using the Akuity Declarative Specs. This allows defining the full configuration, including OIDC settings, in YAML.
To export the current configuration and modify it:
akuity kargo export --organization-name <org-name> <kargo-instance-name>
Example output includes:
apiVersion: kargo.akuity.io/v1alpha1
kind: Kargo
metadata:
  name: kargo-akuity
spec:
  oidcConfig:
    dexConfig: |-
      connectors:
      - type: saml
        id: okta
        name: OKTA
        config:
          ssoURL: https://<your-okta-sso-url>
          redirectURI: https://<your-kargo-subdomain>.kargo.akuity.cloud/dex/callback
          usernameAttr: name
          emailAttr: email
          groupsAttr: group
          caData: <your-cert>
    dexEnabled: true
Note: The declarative method may not be supported on certain platform versions. A fix is under development to expand compatibility for older Kubernetes versions.
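An added example, not taken from the Akuity documentation: a small Python lint for the dexConfig body of an exported spec, meant to run before a modified export is applied. The sample values and function names are constructed for illustration, and insecureSkipSignatureValidation is a Dex SAML connector option that does not appear in the export above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the dexConfig body from the export, with placeholders filled in.
SAMPLE_DEX_CONFIG = """\
connectors:
- type: saml
  id: okta
  name: OKTA
  config:
    ssoURL: https://example.okta.com/app/constructed/sso/saml
    redirectURI: https://example.kargo.akuity.cloud/dex/callback
    usernameAttr: name
    emailAttr: email
    groupsAttr: group
    caData: Q09OU1RSVUNURUQ=
"""

def parse_fields(dex_config: str) -> dict:
    """Collect flat `key: value` pairs; enough for a single-connector dexConfig."""
    fields = {}
    for line in dex_config.splitlines():
        m = re.match(r"^\s*-?\s*(\w+):\s*(\S.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip().strip("'\"")
    return fields

def lint_saml_connector(dex_config: str) -> list:
    """Return a list of problems; an empty list means the connector passed."""
    f = parse_fields(dex_config)
    problems = []
    if f.get("type") != "saml":
        problems.append("connector type is not saml")
    for key in ("ssoURL", "redirectURI"):
        u = urlparse(f.get(key, ""))
        if u.scheme != "https" or not u.netloc or "<" in u.netloc:
            problems.append(f"{key} must be a filled-in https URL")
    if not urlparse(f.get("redirectURI", "")).path.endswith("/dex/callback"):
        problems.append("redirectURI must end in /dex/callback")
    if not f.get("caData") or f["caData"].startswith("<"):
        problems.append("caData is missing or still a placeholder")
    if f.get("insecureSkipSignatureValidation", "false").lower() == "true":
        problems.append("insecureSkipSignatureValidation disables SAML signature checks")
    for key in ("usernameAttr", "emailAttr", "groupsAttr"):
        if key not in f:
            problems.append(f"{key} is not mapped")
    return problems
```

The lint reads only the text under dexConfig, so pass it that block rather than the whole exported file.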
3. Terraform Integration (Advanced Users):
Terraform can also be used to manage Kargo instances and SSO configurations. See the Terraform provider documentation for examples and supported fields.
Reference:
The latest instructions for configuring Kargo SSO on the Akuity Platform can be found here:
https://docs.akuity.io/kargo/Settings/access/oidc-config