In environments using GitHub, you can configure Rancher to allow sign on using GitHub credentials.
Prerequisites: Read External Authentication Configuration and Principal Users.
- Sign into Rancher using a local user assigned the
administratorrole (i.e., the local principal).
- In the top left corner, click ☰ > Users & Authentication.
- In the left navigation menu, click Auth Provider.
- Click GitHub.
Follow the directions displayed to set up a GitHub Application. Rancher redirects you to GitHub to complete registration.
What’s an Authorization Callback URL?
The Authorization Callback URL is the URL where users go to begin using your application (i.e. the splash screen).
When you use external authentication, authentication does not actually take place in your application. Instead, authentication takes place externally (in this case, GitHub). After this external authentication completes successfully, the Authorization Callback URL is the location where the user re-enters your application.
From GitHub, copy the Client ID and Client Secret. Paste them into Rancher.
Where do I find the Client ID and Client Secret?
From GitHub, select Settings > Developer Settings > OAuth Apps. The Client ID and Client Secret are displayed prominently.
Click Authenticate with GitHub.
Use the Site Access options to configure the scope of user authorization.
Allow any valid Users
Any GitHub user can access Rancher. We generally discourage use of this setting!
Allow members of Clusters, Projects, plus Authorized Users and Organizations
Any GitHub user or group added as a Cluster Member or Project Member can log in to Rancher. Additionally, any GitHub user or group you add to the Authorized Users and Organizations list may log in to Rancher.
Restrict access to only Authorized Users and Organizations
Only GitHub users or groups added to the Authorized Users and Organizations can log in to Rancher.
- GitHub authentication is configured.
- You are signed into Rancher with your GitHub account (i.e., the external principal).