Configuring CloudBees CI to use single sign-on with CloudBees Software Delivery Automation

3 minute readAutomation

Unified authentication via single sign-on (SSO) enables CloudBees Software Delivery Automation users to sign in once to access both CloudBees CI and CloudBees CD/RO. CloudBees CI can be configured to authenticate with CloudBees Software Delivery Automation using SSO, where the CloudBees Software Delivery Automation server acts as the identity provider for CloudBees CI. CloudBees CI delegates to the CloudBees Software Delivery Automation server to authenticate CloudBees CI users.

To configure CloudBees CI to use SSO with CloudBees Software Delivery Automation, you must complete the following steps:

Configuring SSO for CloudBees Software Delivery Automation

If you have not done so already, you must first configure SSO for CloudBees Software Delivery Automation. SSO for CloudBees Software Delivery Automation supports the following protocols:

Setting up the connection to CloudBees Software Delivery Automation in CloudBees CI

Once you have configured SSO for CloudBees Software Delivery Automation, you must enable the connection to CloudBees Software Delivery Automation in CloudBees CI.

This procedure is required only in the following situations:

  • CloudBees CI on traditional platforms is installed.

  • You installed CloudBees CI on modern cloud platforms, but omitted ci.OperationsCenter.Hostname.

To enable the connection to CloudBees Software Delivery Automation in CloudBees CI:

  1. From the CloudBees navigation, select CI.

  2. Select Manage Jenkins Configure System, and then scroll down to Connection to CloudBees Software Delivery Automation.

  3. Enter the URL of the CloudBees Software Delivery Automation server. For example, https://your.hostname/.

  4. Select Allow analytics events to be sent.

  5. Select Save.

Enabling CloudBees CI to use SSO

Once you have set up the connection to CloudBees Software Delivery Automation, you must enable CloudBees CI to use SSO.

Before you enable CloudBees CI to use SSO, you must first set up the connection to CloudBees Software Delivery Automation and test the CloudBees Software Delivery Automation URL, if you have not done so already. CloudBees also recommends you verify that several representative users, including a user with administrator permissions, can sign in to the CloudBees Software Delivery Automation server. Otherwise, once SSO is enabled for CloudBees CI, you may be locked out of CloudBees CI and need to use a recovery command to regain access.

To enable CloudBees CI to use SSO:

  1. From the CloudBees navigation, select CI.

  2. Select Manage Jenkins Configure Global Security.

  3. Under Security Realm, select Single sign-on via CloudBees Software Delivery Automation.

  4. Select Check connection to CloudBees Software Delivery Automation to verify that the URL for CloudBees Software Delivery Automation is valid and the CloudBees CD/RO or CloudBees Analytics version is 10.2.0 or later, which is required to use SSO.

  5. Select Save.

Signing in to CloudBees Software Delivery Automation

To sign in, enter https://<cloudbees-server>/flow/ in a browser window, where <cloudbees-server> is the CloudBees Software Delivery Automation server IP address or host name.

The sample sign-in page below is SSO-enabled with GSuite and Kerberos SSO. Your page may be enabled with other SSO identity providers, such as Okta.

SSO enabled
Figure 1. SSO enabled

From here, use one of the following methods to sign in:

  • Select Sign in with Google: The credentials are authenticated via the Google identify provider, and if successful, you are redirected to the home page.

  • Select Sign in with Kerberos: This system has additionally been enabled with Kerberos SSO. The credentials are authenticated, and if successful, you are redirected to the home page.

  • Enter a Username and Password for local authentication. Then select Sign in. If successful, you are redirected to the home page.

If you do not already have an active session, you are unable to sign in through the CloudBees Software Delivery Automation server when the CloudBees Software Delivery Automation server is being upgraded. The following message appears on the sign-in screen until the CloudBees Software Delivery Automation server upgrade is complete: “Server is starting. Please wait.”