HashiCorp Cloud Platform
What is HashiCorp Cloud
From https://cloud.hashicorp.com/
HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more.
Preparation
The following placeholders will be used:
authentik.company
is the FQDN of authentik.
Step 1 - HashiCorp Cloud
Log in at https://portal.cloud.hashicorp.com. Navigate to the Settings entry in the sidebar, then SSO. Enable SSO and configure domain verification for the domain of your users' email addresses.
Under Initiate SAML integration, copy SSO Sign-On URL and Entity ID.
Step 2 - authentik
In authentik, under Providers, create a SAML Provider with these settings:
Only settings that have been modified from default have been listed.
Protocol Settings
- Name: HashiCorp Cloud
- ACS URL: Value of SSO Sign-On URL from above
- Issuer: Value of Entity ID from above
- Service Provider Binding: Post
- Audience: Value of Entity ID from above
Open Advanced protocol settings and ensure that a signing certificate is selected and that all default property mappings are selected.
Create an application which uses this provider. Optionally, apply access restrictions to the application using policy bindings.
- Name: HashiCorp Cloud
- Slug: hashicorp-cloud
- Provider: HashiCorp Cloud
Step 3 - HashiCorp Cloud
Open the Application's page in authentik and click on the provider name. Copy the value of SSO URL (Redirect) and paste it into the SAML IDP Single Sign-On URL field in the HashiCorp Cloud settings.
Download the certificate, open it in a text editor, and paste the contents into SAML IDP Certificate in the HashiCorp Cloud settings.
Afterwards, logging in to HashiCorp Cloud with any email address ending in one of the domains verified above will redirect to your authentik instance, provided that email address does not already have an existing account.
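A quick consistency check for Steps 2 and 3, added here as an example and not code from authentik or HashiCorp: it parses the SAML IdP metadata authentik publishes for the provider and confirms that the SSO URL (Redirect) and the signing certificate pasted into HashiCorp Cloud match it. The metadata document is a constructed sample with a placeholder certificate, and the `/application/saml/<slug>/...` URL paths are assumed.

```python
# Added example (not authentik's or HashiCorp's code): compare the values pasted into
# HashiCorp Cloud against authentik's SAML IdP metadata. SAMPLE_METADATA is a
# constructed sample with a placeholder certificate body; URL paths are assumed.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="EXAMPLE-ENTITY-ID">
 <md:IDPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MIIBPLACEHOLDER
CERTBODY==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://authentik.company/application/saml/hashicorp-cloud/sso/binding/post/"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://authentik.company/application/saml/hashicorp-cloud/sso/binding/redirect/"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def normalize_cert(text):
    """Strip PEM armor and whitespace so a pasted .pem compares to the metadata base64."""
    return "".join(l.strip() for l in text.splitlines() if not l.strip().startswith("-----"))

def parse_idp_metadata(xml_text):
    """Extract entityID, the HTTP-Redirect SSO URL and the signing certificates."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    certs = idp.findall("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {"entity_id": root.get("entityID"), "sso_redirect": sso.get(REDIRECT),
            "signing_certs": [normalize_cert(c.text) for c in certs]}

def check_hcp_settings(metadata_xml, hcp_sso_url, hcp_cert_pem):
    """Return a list of mismatches between the HCP SAML settings and authentik's metadata."""
    meta = parse_idp_metadata(metadata_xml)
    problems = []
    if not meta["signing_certs"]:  # Step 2: a signing certificate must be selected
        problems.append("no signing certificate in metadata: select one under Advanced protocol settings")
    elif normalize_cert(hcp_cert_pem) not in meta["signing_certs"]:
        problems.append("SAML IDP Certificate in HCP does not match authentik's signing certificate")
    if meta["sso_redirect"] is None:  # Step 3: HCP needs the Redirect binding URL
        problems.append("metadata has no HTTP-Redirect SingleSignOnService")
    elif hcp_sso_url != meta["sso_redirect"]:
        problems.append(f"SSO URL mismatch: HCP has {hcp_sso_url!r}, expected {meta['sso_redirect']!r}")
    return problems
```

Run `check_hcp_settings(metadata, sso_url, cert_pem)` with the metadata fetched from your instance and the two values as they appear in the HashiCorp Cloud settings; an empty list means both match.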