diff --git a/_data/toc.yaml b/_data/toc.yaml index 146b8b9763..9c25fbb0dd 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1748,6 +1748,8 @@ manuals: title: License your installation - path: /datacenter/dtr/2.3/guides/admin/configure/use-your-own-tls-certificates/ title: Use your own TLS certificates + - path: /datacenter/dtr/2.3/guides/admin/configure/enable-single-sign-on/ + title: Enable single sign-on - sectiontitle: External storage section: - path: /datacenter/dtr/2.3/guides/admin/configure/external-storage/ diff --git a/datacenter/dtr/2.3/guides/admin/configure/enable-single-sign-on.md b/datacenter/dtr/2.3/guides/admin/configure/enable-single-sign-on.md new file mode 100644 index 0000000000..da8012e30c --- /dev/null +++ b/datacenter/dtr/2.3/guides/admin/configure/enable-single-sign-on.md 
@@ -0,0 +1,42 @@ +--- +title: Enable single sign-on +description: Learn how to set up single sign-on between UCP and DTR, so that your users only have to authenticate once +keywords: dtr, login, sso +--- + +By default, users are shared between UCP and DTR, but you have to authenticate +separately on the web UI of both applications. + +You can configure DTR to have single sign-on (SSO) with UCP, so that users only +have to authenticate once. + +## At installation time + +When installing DTR, use the `docker/dtr install --dtr-external-url ` +option to enable SSO. When accessing the DTR web UI, users are redirected to the +UCP login page, and once they are authenticated, they're redirected to the URL +you provided to `--dtr-external-url`. + +Use the domain name of DTR, or the domain name of a load balancer, if you're +using one, to load-balance requests across multiple DTR replicas. + +## After install + +In your browser, navigate to the DTR web UI, and choose **Settings**. In the +**General** tab, scroll to **Domain & proxies**. + +Update the **Load balancer / public address** field to the url where users +should be redirected once they are logged in. +Use the domain name of DTR, or the domain name of a load balancer, if you're +using one, to load-balance requests across multiple DTR replicas. + +Then enable **Use single sign-on**. + +![](../../images/enable-sso-1.png){: .with-border} + +Once you save, users are redirected to UCP for logging in, and redirected back to +DTR once they are authenticated. + +## Where to go next + +* [Use your own TLS certificates](use-your-own-tls-certificates.md) diff --git a/datacenter/dtr/2.3/guides/admin/configure/license-your-installation.md b/datacenter/dtr/2.3/guides/admin/configure/license-your-installation.md index c3cb201a3b..391726e534 100644 --- a/datacenter/dtr/2.3/guides/admin/configure/license-your-installation.md +++ b/datacenter/dtr/2.3/guides/admin/configure/license-your-installation.md 
@@ -36,4 +36,4 @@ Click the **Apply new license** button, and upload your new license file. ## Where to go next -* [Use your own TLS certificates](use-your-own-tls-certificates.md) +* [Enable single sign-on](enable-single-sign-on.md) diff --git a/datacenter/dtr/2.3/guides/images/enable-sso-1.png b/datacenter/dtr/2.3/guides/images/enable-sso-1.png new file mode 100644 index 0000000000..ce0891c20f Binary files /dev/null and b/datacenter/dtr/2.3/guides/images/enable-sso-1.png differ
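Review bot: The `_data/toc.yaml` hunk lists "Enable single sign-on" after "Use your own TLS certificates", but the "Where to go next" links run in the other order. `license-your-installation.md` now points to `enable-single-sign-on.md`, and the new page points on to `use-your-own-tls-certificates.md`. Either move the new toc entry above the TLS entry or reverse the two links, so the sidebar and the next-page chain agree.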
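Review bot: In the "At installation time" section of the new `enable-single-sign-on.md`, `docker/dtr install --dtr-external-url ` is shown with nothing after the flag. Add a placeholder for the value and say what form it takes, because the page calls the same setting a "url" in one place and a "domain name" in another. The two sections also differ on what turns SSO on. At install time the external URL option alone is said to enable it, while "After install" needs both the **Load balancer / public address** field and a separate **Use single sign-on** setting, so say whether the install path needs a second step. Since this value is where users land after authenticating at UCP, the page should state exactly which address is expected. Minor: "url" should be "URL", and `![](../../images/enable-sso-1.png)` has empty alt text.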