Once you set up SAML for Jenkins via Teamstack, your users will be able to log in to Jenkins using their Teamstack credentials.
- Jenkins (SP) initiated Single Sign-On
- Teamstack (IdP) initiated Single Sign-On
- Just in time (JIT) provisioning
Set up SSO via SAML for Jenkins
To set up SSO, you first need to add the Jenkins app to Teamstack, assign it to yourself, and then configure Jenkins SSO with the SAML metadata from Teamstack.
Step 1: Add Jenkins app to Teamstack
- Go to your Applications in Teamstack.
- Click "Add Application" in the top right corner.
- Search for "Jenkins" and click "Add".
- Select this app to be a "SAML" app, enter your Jenkins base URL in the "Base URL" field and leave the "Relay State" field empty.
- In Organization's Applications overview, click on the newly created Jenkins app. You will see all the details about this app.
- Click on "Users" and assign this app to yourself. You will need this in order to test whether SAML is working correctly for Jenkins.
- Click on the "SAML Configurations" tab. Download the metadata file by clicking the "SAML Metadata" button.
Step 2: Set up SAML in Jenkins
- In the left sidebar, click on "Manage Jenkins".
- Click on "Manage Plugins".
- In the "Available" tab, search for SAML and click "Install without restart".
- After the SAML plugin has been added, go to Manage Jenkins > Configure Global Security.
- In the Authentication section select SAML 2.0.
- Copy the contents of the file you downloaded in step 1.7, paste them into the "IdP Metadata" field and click on "Validate IdP Metadata".
- Click "Save".
You can now test the login from Teamstack to Jenkins. You need to have Jenkins assigned to yourself in Teamstack. To test the connection, do the following:
- Open a new incognito window.
- Log into Teamstack.
- Click on the Jenkins app on your dashboard.
- You will be redirected to Jenkins and will be logged in without the need to enter a password at Jenkins.