Configure single sign-on (SSO) authentication
COMMERCIAL FEATURE: Access authentication providers for single sign-on (SSO) in the packaged Sensu Go distribution. For more information, read Get started with commercial features.
In addition to the built-in basic authentication, Sensu offers commercial support for using Lightweight Directory Access Protocol (LDAP), Active Directory (AD), or OpenID Connect 1.0 protocol (OIDC) for single sign-on (SSO) authentication.
Configure authentication providers
To configure an external authentication provider for SSO, first write an authentication provider configuration definition. Follow the examples and specifications for your provider:
- Lightweight Directory Access Protocol (LDAP), including standards-compliant tools like OpenLDAP (configuration examples and specification)
- Microsoft Active Directory (AD), including Azure AD (configuration examples and specification)
- OpenID Connect 1.0 protocol (OIDC), including tools like Okta and PingFederate (configuration examples and specification)
Save your configuration definition to a file, such as
After you have a saved configuration definition, you can apply the configuration with sensuctl. Log in to sensuctl as the default admin user and use sensuctl to apply your authentication provider configuration to Sensu:
sensuctl create --file authconfig.yml
sensuctl create --file authconfig.json
Use sensuctl to verify that your provider configuration was applied successfully:
sensuctl auth list
The response will list your authentication provider types and names:
Manage authentication providers
View and delete authentication providers with enterprise/authentication/v2 API endpoints or these sensuctl commands.
To view active authentication providers:
sensuctl auth list
To view configuration details for an authentication provider named
sensuctl auth info openldap
To delete an authentication provider named
sensuctl auth delete openldap