mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
a7f016a8d8
* Updated docs for the improved Google OIDC connector * Apply suggestions from code review Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com> Co-authored-by: Zac Bergquist <zmb3@users.noreply.github.com> * Use "code" blocks for copyable commands * whitespace * Consistency with punctuation and avoid splitting paragraphs with images. * Updated error message matching the current code * Bump minimum version for OIDCConnector v3 to 8.1.2 * More fixes Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com> Co-authored-by: Zac Bergquist <zmb3@users.noreply.github.com>
37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
kind: oidc
|
|
metadata:
|
|
name: google
|
|
spec:
|
|
claims_to_roles:
|
|
- claim: groups
|
|
roles:
|
|
- auditor
|
|
value: <auditor@google-workspace-group-email>
|
|
- claim: groups
|
|
roles:
|
|
- access
|
|
value: teleport-developers@example.com
|
|
client_id: <GOOGLE_WORKSPACE_CLIENT_ID>.apps.googleusercontent.com
|
|
client_secret: <OAUTH_CLIENT_SECRET>
|
|
display: Google
|
|
google_admin_email: <GOOGLE_WORKSPACE_ADMIN_EMAIL>
|
|
google_service_account: |
|
|
{
|
|
"type": "service_account",
|
|
"project_id": "<project_id>",
|
|
"private_key_id": "<private_key_id>",
|
|
"private_key": "-----BEGIN PRIVATE KEY-----\n<private key contents>\n-----END PRIVATE KEY-----\n",
|
|
"client_email": "<teleport service account email>",
|
|
"client_id": "<client_id>",
|
|
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
|
"token_uri": "https://oauth2.googleapis.com/token",
|
|
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
|
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/teleport-service-account%40access-304316.iam.gserviceaccount.com"
|
|
}
|
|
issuer_url: https://accounts.google.com
|
|
redirect_url: https://<cluster-url>:3080/v1/webapi/oidc/callback
|
|
scope:
|
|
- openid
|
|
- email
|
|
version: v3
|