rosa create idp --help
To log in to your cluster, set up an identity provider (IDP). This tutorial uses GitHub as an example IDP. See the full list of IDPs supported by ROSA.
To view all IDP options, run the following command:
rosa create idp --help
Log in to your GitHub account.
Create a new GitHub organization where you are an administrator.
If you are already an administrator in an existing organization and you want to use that organization, skip to step 9.
Click the + icon, then click New Organization.
Choose the most applicable plan for your situation or click Join for free.
Enter an organization account name, an email, and whether it is a personal or business account. Then, click Next.
Optional: Add the GitHub IDs of other users to grant additional access to your ROSA cluster. You can also add them later.
Click Complete Setup.
Optional: Enter the requested information on the following page.
Go back to the terminal and enter the following command to set up the GitHub IDP:
rosa create idp --cluster=<cluster name> --interactive
Enter the following values:
Type of identity provider: github
Identity Provider Name: <IDP-name>
Restrict to members of: organizations
GitHub organizations: <organization-account-name>
The CLI will provide you with a link. Copy and paste the link into a browser and press Enter. This will fill the required information to register this application for OAuth. You do not need to modify any of the information.
Click Register application.
The next page displays a Client ID. Copy the ID and paste it in the terminal where it asks for Client ID.
Do not close the tab.
The CLI will ask for a Client Secret. Go back in your browser and click Generate a new client secret.
A secret is generated for you. Copy your secret because it will never be visible again.
Paste your secret into the terminal and press Enter.
Leave GitHub Enterprise Hostname blank.
Wait approximately 1 minute for the IDP to be created and the configuration to land on your cluster.
Copy the returned link and paste it into your browser. The new IDP should be available under your chosen name. Click your IDP and use your GitHub credentials to access the cluster.
To grant access to other cluster user you will need to add their GitHub user ID to the GitHub organization used for this cluster.
In GitHub, go to the Your organizations page.
Click your profile icon, then Your organizations. Then click <your-organization-name>. In our example, it is
Click Invite someone.
Enter the GitHub ID of the new user, select the correct user, and click Invite.
Once the new user accepts the invitation, they will be able to log in to the ROSA cluster using the console link and their GitHub credentials.