Authentication

Connecting Kubescape SaaS with SSO

Kubescape supports third-party single sign-on (SSO) to its SaaS portal using SAML or OIDC. This lets you associate your account with all e-mail addresses coming from an authorized domain name.

Set up the required SAML or OpenID Connect application with your identity provider.

Then go to the Kubescape SaaS portal and find user management.

Then go to SSO in the dialog screen.

Click "Add New" and follow the instructions.

Add authentication keys to Kubescape CLI

Some controls check the relation between the Kubernetes manifest and vulnerabilities.
For these controls to work properly, scanning with the third-party authentication SSO is necessary.

kubescape scan --submit --account=<account ID> --client-id=<generated client id> --secret-key=<generated secret key> 

For CI/CD, set environment variables as follows:

KS_ACCOUNT_ID  // account id
KS_CLIENT_ID   // client id
KS_SECRET_KEY  // access key

Add authentication keys to Kubescape Helm installation

When installing the Helm chart (as described in the installation of the Kubescape Helm chart in a cluster), set the clientID and secretKey values.

e.g.

helm upgrade --install armo  armo/armo-cluster-components -n armo-system --create-namespace --set clusterName=`kubectl config current-context` --set accountGuid=<account ID> --set clientID=<generated client id> --set secretKey=<generated secret key>
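
An added example, not part of the Kubescape documentation: a POSIX shell helper that takes the keys from the KS_* environment variables listed above and hands them to the Helm chart through a private values file instead of --set, so the secret key does not appear in the process list or shell history. The function names, and the reuse of the KS_* variables for the Helm install, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Kubescape's own code.
# Assumption: the generated keys are exported as KS_ACCOUNT_ID, KS_CLIENT_ID
# and KS_SECRET_KEY (the names the page gives for CI/CD).

# Print the names of required variables that are unset or empty.
ks_missing_vars() {
    missing=""
    for name in KS_ACCOUNT_ID KS_CLIENT_ID KS_SECRET_KEY; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    printf '%s' "${missing# }"
}

# Write the chart values to a temporary file and print its path.
ks_write_values() {
    missing=$(ks_missing_vars)
    if [ -n "$missing" ]; then
        echo "missing: $missing" >&2
        return 1
    fi
    # Reject characters that would break the double-quoted YAML scalars below.
    case "$KS_ACCOUNT_ID$KS_CLIENT_ID$KS_SECRET_KEY" in
        *[\"\\]*) echo "keys contain a quote or backslash" >&2; return 1 ;;
    esac
    # mktemp creates the file readable and writable by the owner only (0600).
    file=$(mktemp) || return 1
    printf 'accountGuid: "%s"\nclientID: "%s"\nsecretKey: "%s"\n' \
        "$KS_ACCOUNT_ID" "$KS_CLIENT_ID" "$KS_SECRET_KEY" > "$file"
    printf '%s' "$file"
}

# Run the install from the page, passing the keys with -f instead of --set.
ks_helm_install() {
    values=$(ks_write_values) || return 1
    helm upgrade --install armo armo/armo-cluster-components -n armo-system \
        --create-namespace \
        --set clusterName="$(kubectl config current-context)" \
        -f "$values"
    status=$?
    rm -f "$values"   # remove the secret from disk whether or not helm succeeded
    return $status
}
```

Source the file in the pipeline step and call ks_helm_install; it stops before contacting the cluster if any of the three variables is missing.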
