ClearML/clearml-docs
1
0
Fork 0
mirror of https://github.com/clearml/clearml-docs synced 2025-06-26 18:17:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add Group Integration in Active Directory SAML

Browse Source
This commit is contained in:
revital
2025-02-16 10:00:16 +02:00
parent c7676bf0f1
commit e9ded396ba
2 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
docs/deploying_clearml/enterprise_deploy/sso_active_directory.md Normal file
View File

@@ -0,0 +1,46 @@
---
title: Group Integration in Active Directory SAML
---
Follow this guide to integrate groups from Active Directory with ClearML.
## Actions in Active Directory
Make sure that the group claims are passed to the ClearML app.
## Actions in ClearML
### Creating the Groups
* Groups integration is disabled by default
* Groups are not auto-created and need to be created manually in ClearML using the [Users & Groups](../../webapp/settings/webapp_settings_users.md#user-groups)
page in the ClearML web UI, or using the ClearML API.
* If a group does not exist in ClearML, the user will be created, but will not be assigned to any group.
* Group claim used by ClearML is `groups` by default
* Group name is taken from the first CN of the full DN path. For example, for the following DN: `CN=test, OU=unit, DU=mycomp`,
the group name in ClearML will be `test`
* The group name matching in ClearML is case-sensitive by default
### Configuring ClearML Group Integration
To enable ClearML group integration set the following environment variable:
```
CLEARML__services__login__sso__saml_client__microsoft_ad__groups__enabled=true
```
To configure groups that should automatically become admins in ClearML set the following environment variable:
```
CLEARML__services__login__sso__saml_client__microsoft_ad__groups__admins=[<admin_group_name1>, <admin_group_name2>, ...]
```
To change the the default Group Claim set the following environment variable:
```
CLEARML__services__login__sso__saml_client__microsoft_ad__groups__claim=...
```
To make group matching case insensitive set the following environment variable:
```
CLEARML__services__login__sso__saml_client__microsoft_ad__groups__case_sensitive=false
```
In order to prohibit the users, who do not belong to any of the AD groups created in ClearML from signing up set the following environment variable:
```
CLEARML__services__login__sso__saml_client__microsoft_ad__groups__prohibit_user_signup_if_not_in_group=true
```

1
sidebars.js
View File

@@ -710,6 +710,7 @@ module.exports = {
'SSO': [
'deploying_clearml/enterprise_deploy/sso_saml_k8s',
'deploying_clearml/enterprise_deploy/sso_keycloak',
'deploying_clearml/enterprise_deploy/sso_active_directory'
]
},
]