Skip to main content

Enabling and Configuring Identity Service (Beta)

When enabling the identity service for your application, the Replicated app manager will deploy Dex as an intermediary that can be configured to control access to the application. Dex implements an array of protocols for querying other user-management systems, known as connectors. This feature is only available for licenses that have the identity service feature enabled.

The identity service currently has the following limitations:

  • Only available with embedded cluster installations with the Kubernetes installer.
  • Only available through the Replicated admin console.

Identity Service License Field

The Identity custom resource enables and configures the identity service for your application. If you prefer, here is an example application that demonstrates how to configure the identity service.

To begin, create a new release on the vendor portal. Once you are editing the release, create a new Identity CRD file customized for your application.

Identity Service CRD

The identity service has to be accessible from the browser. For that reason, the app manager provides the service name and port to the app through the identity template functions so that the app can then configure ingress for the identity service, for example:

Identity Service Ingress

All the necessary information that your application needs to communicate and integrate with the identity service can be passed through environment variables, for example:

Identity Service Application Env

Role Based Access Control

It is also possible to regulate access to your application resources based on the roles of individual users within the customer's organization.

A list of the available roles within your application can be provided to the customer via the roles section of the Identity CRD.

Identity Service CRD Roles

Then, using the admin console, the customer will have the ability to create groups and assign specific roles to each group. This mapping of roles to groups will then be available to your application via the IdentityServiceRoles template function.

Identity Service CRD Roles