OpsMx
OpsMx
OpsMx
  • Home
  • Overview
    • OpsMx Intelligent Software Delivery (ISD) Platform - Spinnaker
      • Overview
      • Orchestration Module - OpsMx Enterprise for Spinnaker (OES)
        • OES Features
          • Automated Workflows
          • Multi-cloud Deployments
          • Safe-Deployment strategies
          • Scalable & Extensible
        • OES Concepts
          • Application Management
          • Application Deployment
      • Data and Intelligence Module - Autopilot
        • Overview
        • Observability
        • Audit and Traceability
        • Continuous Compliance - Policy
          • Policy - Overview
  • Operator Manual
    • Installation and Configuration
      • Quick Installation
        • ISD v4.0
        • ISD v4.0.1
        • ISD v4.0.2
        • ISD v4.0.3
        • ISD v4.0.4
      • Standard Installation
        • ISD v4.0
          • GitOps Based Installation
        • ISD v4.0.1
          • GitOps Based Installation
        • ISD v4.0.2
          • GitOps Based Installation
        • ISD v4.0.3
          • GitOps Based Installation
        • ISD v4.0.4
          • GitOps Based Installation
        • ISD v4.0.4.1
          • GitOps Based Installation
          • Instructions to Update the Parameters in value.yaml
        • ISD v4.0.4.2
          • GitOps Based Installation
          • Enabling Pipeline Insights and Stage Insights in ISD
        • ISD v4.0.4.3
          • GitOps Based Installation
          • Enabling Pipeline Insights and Stage Insights in ISD
          • Instructions to Update the Parameters in value.yaml
        • ISD v2024.06.00
          • GitOps Based Installation
        • ISD v2024.12.00
          • GitOps Based Installation
        • ISD v2025.03.00
          • Enabling Pipeline Insights or Deployment Insights or Stage Insights in ISD
          • GitOps Based Installation
      • Environment setup for OpsMx ISD
      • ISD On-Prem POV Infrastructure requirements
      • ISD On-Prem Production Infrastructure requirements
      • Stormdriver Installation
    • Access Management
      • User Role
      • Feature Visibility
    • SlackOps Interactive Notification
  • User Guide
    • Dashboard
      • Application Dashboard
      • Application Service View
    • Manage Application
      • Create an Application
      • Configure an Application
      • Delete an Application
    • Manage Pipelines
      • Create a Pipeline
      • Add Stage
      • Add Trigger
      • Edit Pipeline
      • Run Pipeline
      • Rename Pipeline
      • Delete Pipeline
      • Disable Pipeline
      • Lock Pipeline
      • View and Restore Pipeline
      • Pipeline level RBAC
      • Add Intelligent Gates to the Pipeline
        • Approval Gate
        • Verification Gate
        • Test Verification Gate
        • Policy Gate
      • Execute pipelines (Run deployments)
        • Rolling Restart for EKS manifest
        • Deployment to Kubernetes namespace with Manifest file
        • Deployment to Kubernetes namespace with Git based Manifest
        • Manual Approval before deployment
        • Blue/Green deployment using Manifest
        • Helm based deployment to Kubernetes namespace
    • Approvals
    • Policy Evaluation
    • Verification History
    • Infrastructure
      • Cluster
    • Integrations
      • Available Integrations
        • Artifact
        • CI
        • Governance
        • Monitoring Tools
        • Notifications
        • Policy
        • SAST/DAST
        • Pub/Sub Subscription Name
        • Verification
      • Used Integrations
        • Artifact
        • SAST / DAST
        • Monitoring Tools
    • Pipeline Templates
    • Cloud Targets
      • Create a new Cloud Target account
      • Cloud Target account operations
    • Environment Mapping
    • Custom Stages
      • ServiceNow
      • Pipeline Promotion
      • JIRA
      • Update PR
      • Custom notification
      • ServiceDesk
      • Ansible
      • Terraform
      • Ansible AWX
    • OpsMx Agent
      • Agent Overview
      • Agent Creation
      • Agent Service Configuration
      • Agent Installation
      • Delete an Agent
      • Agent and Controller Version Compatibility
    • Verification
    • CD Integration
    • Informed Approval
      • Overview
      • Artifactory
      • Bitbucket
      • Bitbucket Server
      • GITHUB
      • Bamboo
      • Jenkins
      • JIRA
      • ServiceNow
      • Aquawave
      • HCL AppScan
      • JFrog Xray
      • Prisma Cloud
      • SonarQube
      • Verification
    • Manage Policy
      • Create Policy
      • Edit Policy
      • Delete Policy
    • Continuous Verification
      • Overview
      • Templates
        • Log Template
        • Metric Template
      • Log Analysis
        • Events and Clusters
        • Cardinality consideration of Error Events
        • Interpreting the cluster graph
        • Interpreting the score
        • Perceived Risk and Sensitivity
        • Canary Threshold Calibration
        • Info-Cluster Scoring
      • Metric Analysis
      • Test Verification
      • Scoring Algorithms
        • Canary Scoring
        • Autonomous Scoring
        • Definite Scoring
        • Comprehensive Scoring
      • Enable integration into CI/CD pipelines
        • Integrate with CI/CD
        • Integrate with Jenkins
      • Continuous Verification Report Details
    • Unified logs report to track issues
    • Observability Plugin
    • Audit
      • Pipeline Execution
      • Pipeline Audit
      • Policy Audit
      • User Audit
    • Insights
      • Delivery Insights
      • Usage Insights
      • Pipeline Insights
      • User Insights
      • Stage Insights
      • Deployment Insights
  • Release Notes
    • OpsMx Enterprise for Spinnaker
      • OES Release Notes for Spinnaker Version v1.33.3
      • OES Release Notes for Spinnaker Version v1.30.1
    • ISD 4.0.x Release Notes
    • OES 3.9.X Release Notes
    • OES 3.8.X Release Notes
    • OES 3.7.X Release Notes
    • OES 3.6.X Release Notes
    • OES 3.5.X Release Notes
    • OES 3.4.X Release Notes
    • OES 3.3.X Release Notes
    • OES 3.2.X Release Notes
    • OES 3.1.X Release Notes
    • OES 3.0.X Release Notes
  • Additional Resources
    • Configuration Changes for 2025.03.00
      • Configuration changes for Opentelemetry with ISD
      • Configuration changes for Kafka Addition
      • Configuration changes for Secure Redis
      • Configuration changes to Disable Auto Pilot
      • Configuration changes for Custom Environment Mapping from Pipeline Name
    • Configuration Changes to Enable / Disable Insights Pages
    • Multi Spinnaker
    • API Reference
    • OpsMx Argo Sandbox Guide
    • Code Labs
      • Red Hat Certified Spinnaker Operator
      • How to Integrate Vault with Spinnaker
      • How to Create Terraform Custom Job in Spinnaker
      • How to Create Terraform Webhook Stage in Spinnaker
      • How to Create Ansible Custom Job in Spinnaker
      • How to set up Mutual TLS (mTLS) Authentication for Spinnaker Services
      • SSH
      • X.509
    • FAQs
    • Glossary
    • Previous releases
      • ISD 3.12
        • OpsMx Intelligent Software Delivery Platform
          • Overview
          • ISD Architecture
            • ISD Deployment Architecture
          • ISD Installation
            • ISD Installation Configuration
            • Helm Chart based installation
            • ISD Installation on OpenShift
            • ISD Installation Guide
            • Routing Web URLs to ISD services
            • ISD On-Prem POV Infrastructure requirements
            • ISD - Commonly used Commands
            • ISD Service Catalogue
            • Environment setup for OpsMx ISD
          • Life Cycle Management
          • OpsMx ISD Setup
            • Applications
              • Add Applications
              • Services and Pipelines
                • Overview
                • Add services and pipelines
                • Multiple services
              • Group Permissions
              • Edit Applications
              • Delete Application
            • Integrations
              • Available Integrations
            • Spinnaker Setup
            • Cloud Providers
              • Add new cloud provider account
              • Cloud provider account operations
            • OpsMx Agent
              • Agent Overview
              • Agent Installation
              • Agent Service Configuration
              • Agent Service Credentials
              • Agent Service Type
              • Delete an Agent
        • Orchestration Module - OpsMx Enterprise for Spinnaker (OES)
          • OES Features
            • Automated Workflows
            • Multi-cloud Deployments
            • Safe-Deployment strategies
            • Scalable & Extensible
          • OES Concepts
            • Application Management
            • Application Deployment
          • Feature Configuration
            • Application Management
              • Create an Application
              • Configure an Application
              • Delete an Application
            • Pipeline Management
              • Create a Pipeline
              • Add a Stage
              • Add a Trigger
              • Run a Pipeline
              • Pipeline with Parameter
              • Disable a Pipeline
              • Delete a pipeline
              • Edit a Pipeline
              • View and Restore Pipeline
              • Lock a Pipeline
              • Rename a Pipeline
            • Add Trigger Support
            • Configure Artifact Support
              • Google Cloud Storage
              • GitHub
              • GitHub Artifacts Spinnaker
              • GitLab
              • HTTP
            • Configure the Image Bakery
              • Overview
              • Google Compute Engine
            • Secure Spinnaker
              • Secure Spinnaker Installation
              • Authentication
                • Overview
                • SSL
                • Methods
                  • OAuth 2.0
                  • SAML
                  • LDAP
              • Authorization
                • Overview
                • User Role Providers
                  • Google Group
                  • GitHub Teams
                  • LDAP
                  • SAML
                • Service Account
            • Add CI System
              • Overview and Compatible List of CI Systems by Spinnaker
              • Steps to Configure CI Systems
                • Google Cloud Build
                • Jenkins
                • Travis CI
                • Wercker
            • Enable Monitoring
              • Steps to Setup Supported Monitoring Tools
                • Promethues and Grafana
                • Promethues and Kubernetes
            • List of Custom Stages
              • ServiceNow
              • Pipeline Promotion
              • JIRA
              • Update PR
              • Custom notification
              • ServiceDesk
              • Ansible
              • Terraform
            • SlackOps Interactive Notification
            • How to Setup Replication for Minio Storage Service on Openshift
        • Data and Intelligence Module - Autopilot
          • Overview
          • Installing Autopilot
          • Observability
            • Overview
            • Application Dashboard
            • Application Service View
          • Audit and Traceability
            • Overview
            • Application Audit
              • Pipeline Execution
              • Pipeline
              • Policy Audit
          • Insights
            • Delivery Insights
            • Usage Insights
          • Informed Approval
            • Overview
            • Artifactory
            • Bitbucket
            • Bitbucket Server
            • GITHUB
            • Bamboo
            • Jenkins
            • JIRA
            • ServiceNow
            • Aqua Wave
            • HCL AppScan
            • JFrog Xray
            • Prisma Cloud
            • SonarQube
            • Autopilot
          • Continuous Security
            • Audit Trail
            • Access Management
          • Continuous Compliance - Policy
            • Policy Management - Overview
            • Static Policies
            • Runtime Policies
          • Continuous Verification
            • Overview
            • Analysis Setup
              • Templates
                • Log Template
                • Metric Template
            • Log Analysis
              • Events & Clusters
              • Cardinality consideration of Error Events
              • Interpreting the cluster graph
              • Interpreting the score
              • Perceived Risk and Sensitivity
              • Canary Threshold Calibration
              • Contextual Clustering
              • Info-Cluster Scoring
            • Metric Analysis
            • AppDynamics Verification
              • Using AppDynamics Provider for verification
            • Test Verification
              • Analyze Test runs
            • Scoring Algorithms
              • Canary Scoring
              • Autonomous Scoring
              • Definite Scoring
              • Comprehensive Scoring
            • Enable integration into CI/CD pipelines
              • Integrate with CI/CD
              • Integrate with Jenkins
            • Report Details
            • Supervised Learning
        • Quickstart Guide
          • Contents
          • Quick ISD Installation
            • ISD/Spinnaker (OES) 3.12 Quick Installation
            • Helm based Installation
          • Setup & Configure ISD product
            • ISD Installation Configuration
            • Routing Web URLs to ISD services
            • ISD On-Prem POV Infrastructure requirements
          • Manage Applications
            • Create an Application
            • Configure an Application
            • Delete an Application
          • Manage Pipelines
            • Create a Pipeline
            • Edit a Pipeline
            • Add Intelligent Gates to the Pipeline
              • Add Approval Gate
              • Add Verification Gate
              • Add Test Verification Gate
              • Add Policy Gate
            • Run deployments (Execute pipelines)
              • Deployment to Kubernetes namespace with Manifest file
              • Deployment to Kubernetes namespace with Git based Manifest
              • Manual Approval before deployment
              • Blue/Green deployment using Manifest
              • Helm based deployment to Kubernetes namespace
          • Configure Integrations
            • Add Integrations
            • Edit and Delete Integrations
          • Manage Deployment Accounts
            • Add Deployment Accounts
            • Edit Deployment Accounts
            • Delete Deployment Accounts
          • Manage Policy
            • Create Policy
            • Edit Policy
            • Delete Policy
          • Configure & Setup Spinnaker with ISD
          • Agent Configuration
            • Add a New Agent
            • Configure an Agent
            • Delete an Agent
        • Trial User Guide
          • User Guide
          • SaaS Trial Usage: Instruction Video
          • Copy of Trial User Guide
        • Codelabs
          • Red Hat Certified Spinnaker Operator
          • How to Integrate Vault with Spinnaker
          • How to Create Terraform Custom Job in Spinnaker
          • How to Create Terraform Webhook Stage in Spinnaker
          • How to Create Ansible Custom Job in Spinnaker
          • How to set up Mutual TLS (mTLS) Authentication for Spinnaker Services
          • SSH
          • X.509
        • API Reference
        • FAQs
        • Glossary
        • Release Notes
          • ISD 3.12.x Release Notes
          • ISD 3.11.x Release Notes
          • ISD 3.10.x Release Notes
          • OES 3.9.X Release Notes
          • OES 3.8.X Release Notes
          • OES 3.7.X Release Notes
          • OES 3.6.X Release Notes
          • OES 3.5.X Release Notes
          • OES 3.4.X Release Notes
          • OES 3.3.X Release Notes
          • OES 3.2.X Release Notes
          • OES 3.1.X Release Notes
          • OES 3.0.X Release Notes
        • Upgrade
          • Upgrade from 3.11.x to 3.12.x
          • Upgrade from 3.11.x to 3.11.2
          • Upgrade from 3.11.x to 3.11.1
          • Upgrade from 3.10.x to 3.11
          • Upgrade from 3.9.x to 3.10
          • Upgrade from 3.9.x to 3.9.5
          • Upgrading to OES 3.7
      • ISD 3.10
        • OpsMx Intelligent Software Delivery Platform
          • Overview
          • ISD Architecture
            • ISD Deployment Architecture
          • ISD Installation
            • ISD Installation Configuration
            • Helm Chart based installation - Detailed
            • ISD Installation on OpenShift
          • Life Cycle Management
          • OpsMx ISD Setup
            • Applications
              • Add Applications
              • Services and Pipelines
                • Overview
                • Add services and pipelines
                • Multiple services
              • Group Permissions
              • Edit Applications
              • Delete Application
            • Integrations
              • Available Integrations
            • Spinnaker Setup
            • Cloud Providers
              • Add new cloud provider account
              • Cloud provider account operations
            • OpsMx Agent
              • Agent Overview
              • Agent Installation
              • Agent Service Configuration
              • Agent Service Credentials
              • Agent Service Type
              • Deleting an Agent
        • Orchestration Module - OpsMx Enterprise for Spinnaker (OES)
          • Overview
            • Automated Workflows
            • Multi-cloud Deployments
            • Safe-Deployment strategies
            • Scalable & Extensible
          • Additional Feature Configuration
            • Configure Artifact Support
              • Overview
              • Google Cloud Storage
              • GitHub
              • GitHub Artifacts Spinnaker
              • GitLab
              • HTTP
            • Configure the Image Bakery
              • Overview
              • Google Compute Engine
            • Secure Spinnaker
              • Secure Spinnaker Installation
              • Authentication
                • Overview
                • SSL
                • Methods
                  • OAuth 2.0
                  • SAML
                  • LDAP
                  • X.509
              • Authorization
                • Overview
                • User Role Providers
                  • Google Group
                  • GitHub Teams
                  • LDAP
                  • SAML
                • Service Account
            • Setup Triggers
              • Google Cloud Pub/Sub
              • GitHub WebHook
            • Add CI System
              • Overview and Compatible List of CI Systems by Spinnaker
              • Steps to Configure CI Systems
                • Google Cloud Build
                • Jenkins
                • Travis CI
                • Wercker
            • Enable Monitoring
              • Overview
              • Steps to Setup Supported Monitoring Tools
                • Datadog
                • Promethues and Grafana
                • Promethues and Kubernetes
                • Stackdriver
            • Steps to Setup Canary Support
            • Additional Features Setup
              • Productionize Spinnaker
                • Overview
                • Configure Caching
                  • Configure Scaling
                    • Steps to Scale Orca
                    • Steps to Scale Clouddriver
                  • Configure Persistence
                    • Steps to Setup Set up Orca to use SQL
                  • Steps to Externalize Redis
                  • Steps to Configure Spinnaker’s Usage for Redis
              • Configure Notifications
                • Email
                • HipChat
                • Slack
                • SMS via Twilio
              • Configure User Data(Metadata)
            • Configure Script Stage
            • How to Setup Replication for Minio Storage Service on Openshift
        • Data and Intelligence Module - Autopilot
          • Overview
          • Installing Autopilot
          • Observability
            • Overview
            • Application Dashboard
            • Application Service View
          • Audit and Traceability
            • Overview
            • Application Audit
              • Pipeline Execution
              • Pipeline Changes
            • Policy Audit
          • Insights
            • Overview
            • Delivery Insights
            • Usage Insights
          • Informed Approval
            • Overview
            • JIRA
            • GIT
            • JENKINS
            • AUTOPILOT
            • SONARQUBE
          • Continuous Security
            • Overview
            • Security
            • Access Management
          • Continuous Compliance - Policy
            • Policy Management - Overview
            • Static Policies
            • Runtime Policies
          • Continuous Verification
            • Overview
            • Analysis Setup
              • Templates
                • Log Template
                • Metric Template
            • Log Analysis
              • Events & Clusters
              • Cardinality consideration of Error Events
              • Interpreting the cluster graph
              • Interpreting the score
              • Perceived Risk and Sensitivity
              • Canary Threshold Calibration
              • Contextual Clustering
              • Info-Cluster Scoring
            • Metric Analysis
            • Test Verification
              • Analyze Test runs
            • Scoring Algorithms
              • Canary Scoring
              • Definite Scoring
              • Comprehensive Scoring
              • Autonomous Scoring
            • Enable integration into CI/CD pipelines
              • Integrate with CI/CD
              • Integrate with Jenkins
              • Integrate with Spinnaker (ACA and Canary)
            • Report Details
            • Supervised Learning
      • Spinnaker
        • Spinnaker Concepts
        • Spinnaker Architecture
        • Spinnaker Installation
        • Spinnaker Application
        • Spinnaker Pipeline
        • Cloud & Storage Providers
        • Continuous Integration Providers
        • Trigger Support
        • Authentication and Authorization
        • Caching Agents
        • Configure Caching Agents
        • Configure Slack notifications
        • Integrate Jira with Spinnaker
        • Continuous Deployment to Kubernetes using GitHub triggered Spinnaker pipelines
        • Configure GitHub OAuth
        • Add CI System
          • Overview and Compatible List of CI Systems by Spinnaker
          • Steps to Configure CI Systems
            • Google Cloud Build
            • Jenkins
            • Travis CI
            • Wercker
    • Spinnaker Reference
      • Spinnaker Concepts
      • Spinnaker Architecture
      • Spinnaker Installation
        • Halyard Installation
        • Configure cloud provider
        • Choose your Environment
          • Local Git installation
        • Configure Storage Service
        • Deploy Spinnaker
      • Spinnaker Application
      • Spinnaker Pipeline
      • Cloud & Storage Providers
      • Continuous Integration Providers
      • Trigger Support
      • Authentication and Authorization
      • Caching Agents
      • Configure Caching Agents
      • Configure Slack notifications
      • Integrate Jira with Spinnaker
      • Continuous Deployment to Kubernetes using GitHub triggered Spinnaker pipelines
      • Configure GitHub OAuth
    • Troubleshooting
      • Troubleshooting ISD GitOps Installation Issues
    • Rollback Instructions
      • Revert the GitHub Commit
    • Database
      • Periodic Backup and Recovery of ISD DB
      • Periodic Cleanup of Historic Data in ISD Database
    • Upgrade
      • Upgrade to 2025.03.00
      • Upgrade to 2024.12.00
      • Upgrade to 2024.06.00
      • Upgrade 4.0.3.1 to 4.0.4.3
      • Upgrade from 4.0.4.1 to 4.0.4.2
      • Upgrade from 4.0.4 to 4.0.4.1
      • Upgrade from 4.0.3 to 4.0.4
      • Upgrade from 4.0.3 to 4.0.3.1
      • Upgrade from 4.0.2 to 4.0.3
      • Upgrade from 3.12.x to 4.0.3
        • Changes from 3.12 to 4.0.3 branch
      • Upgrade from 4.0.1 to 4.0.2
      • Upgrade from 3.12.x to 4.0.2
      • Upgrade from 3.12.x to 4.0
      • Upgrade from 3.11.x to 3.12.x
      • Upgrade from 3.11 to 3.11.x
      • Upgrade from 3.10.x to 3.11
      • Upgrade from 3.9.x to 3.10
      • Upgrade from 3.9.x to 3.9.5
      • Upgrading to OES 3.7
  • OpsMx Intelligent Software Delivery (ISD) Platform - Argo
    • Overview
    • Intelligent Software Delivery (ISD) for Argo
    • OpsMx Enterprise for Argo(OEA)
    • Getting Started
      • Platform Installation
      • Getting started with Automated Analysis
      • Automated Analysis User Guide
      • Trial Sandbox User Guide
    • Operator Manual
      • ISD-Argo Standard Installation
        • ISD-Argo Installation with Argo CD and Argo Rollouts
        • ISD-Argo Platform Standard Installation
        • Additional Argo Installation
      • Access Management
      • Configure Authentication Providers through ISD UI
      • Slack Interactive Notification
    • User Guide
      • Application Dashboard
      • Manage Application
        • Create Application
        • Edit Application
        • Sync Application
        • Deploy Application
        • Sync Application Status
        • History and Rollback
        • Refresh Application
        • Delete Application
      • Delivery Verification
        • OpsMx Provider Configmap
        • Templates
          • Create Log Template in ISD UI
          • Create Metric Template in ISD UI
          • Create Log Template in Git
          • Create Metric Template in Git
        • Analysis Template
        • Deployments
        • Analysis History
        • Log Analysis
        • Metric Analysis
        • Interval Analysis
        • Scoring Algorithms
          • Canary Scoring
          • Autonomous Scoring
          • Definite Scoring
          • Comprehensive Scoring
        • Argo Rollouts analysis with ISD and NewRelic
        • Argo Rollouts analysis with ISD and Prometheus
        • Argo Rollouts analysis with ISD and Stackdriver
        • Argo Rollouts analysis with ISD and Elasticsearch
        • Deployments
      • Integrations
        • Available Integrations
      • Notification
      • Argo CD Integration
        • Argo CD Integration with ISD
        • Mapping of host URL with agent-grpc service
      • Insights
      • Audit
        • Deployments Audit
        • System Audit
      • Opsmx Agent
        • Agent Overview
        • Agent Creation
        • Agent Configuration and Installation
        • Edit and Delete Agent
    • Release Notes
      • ISD 4.1 - Release Notes (ISD for Argo)
    • Additional Resources
      • Troubleshooting
        • Troubleshooting ISD Argo Installation Issues
        • Troubleshooting connectivity issues between Argo CD and ISD
      • Upgrade
        • Upgrade ISD-Argo with Argo CD and Argo Rollouts from v4.1.2 to v4.1.3
        • Upgrade ISD-Argo Platform from v4.1.2 to v4.1.3
        • Upgrade ISD-Argo with Argo CD and Argo Rollouts from v4.1.1 to v4.1.2
        • Upgrade ISD-Argo Platform from v4.1.1 to v4.1.2
        • Upgrade Additional Argo from v4.1.1 to v4.1.2
      • Configuration Changes
        • Configuration Changes for 2025.01.00
        • Configuration Changes for 2024.08.00
          • Configuration for System Audit
          • Configuration for Notification
        • Configuration Changes for 4.1.9
        • Configuration Changes for 4.1.8
        • Steps to Generate Token for Agent/Controller v5.x
        • SAML 2 Configuration
        • Controller and Agent Changes for 4.1.7
      • Configuring Application Synchronization (Refresh) Duration
      • Environment setup for ISD-Argo
      • Create API token in Argo CD
      • Create new account for Argo CD with API key and RBAC permissions
      • ISD agent-grpc external IP
      • Previous releases
        • Install Instructions: ISD-Argo v4.1.2
          • ISD-Argo Installation with Argo CD and Argo Rollouts
          • ISD-Argo Platform Standard Installation
          • Additional Argo Installation
        • ISD-Argo v4.1.1
          • Overview
          • Intelligent Software Delivery (ISD) for Argo
          • OpsMx Enterprise for Argo(OEA)
          • Getting Started
            • ISD-Argo Quick Installation
          • Operator Manual
            • Installation and Configuration
              • Installation via curl command
                • ISD-Argo Full Installation via curl command
                • Autopilot Installation via curl command
                • Worker OEA Installation via curl command
              • ISD-Argo Standard Installation
                • ISD-Argo Full Installation
                • ISD-Argo Rollouts Installation
                • Autopilot Installation
                • Worker OEA Installation
              • ISD-Argo On-Prem POV Infrastructure Requirements
              • ISD-Argo On-Prem Production Infrastructure Requirements
              • Environment setup for ISD-Argo
              • Mapping of host URL with agent-grpc service
            • Access Management
            • Slack Interactive Notification
          • User Guide
            • Application Dashboard
            • Manage Application
              • Create Application
              • Edit Application
              • Sync Application
              • Deploy Application
              • Sync Application Status
              • History and Rollback
              • Refresh Application
              • Delete Application
            • Delivery Verification
              • OpsMx Provider Configmap
              • Templates
                • Create Log Template in ISD UI
                • Create Metric Template in ISD UI
                • Create Log Template in Git
                • Create Metric Template in Git
              • Analysis Template
              • Analysis History
              • Log Analysis
              • Metric Analysis
              • Interval Analysis
              • Scoring Algorithms
                • Canary Scoring
                • Autonomous Scoring
                • Definite Scoring
                • Comprehensive Scoring
            • Integrations
              • Available Integrations
            • CD Integration
            • Insights
            • Deployments Audit
            • Opsmx Agent
              • Agent Overview
              • Agent Creation
              • Agent Configuration and Installation
              • Edit and Delete Agent
      • Best Practices for setting up Verification
      • Worker OEA Installation
  • OpsMx Delivery Shield Platform
    • Delivery Shield Overview
    • Getting Started
      • Delivery Shield Feature Overview
      • Installing Delivery Shield
      • Integration with Kubernetes Cluster
        • Integrating Kube Detector
        • Enable Deployment Firewall in Target Clusters
      • Integrating Registry in Delivery Shield
        • ACR
        • ECR
        • GCR
      • Integrating CI and CD tools in Delivery Shield
        • GitHub
        • GitLab
        • Bitbucket
        • Jenkins
        • ArgoCD
        • Spinnaker
        • Quay
        • Docker
        • Google Artifact Registry
        • JFrog Artifactory
        • Sysdig
      • Integrating Security Scanning tools in Delivery Shield
        • Grype
        • VirusTotal
        • Kubescape
        • Snyk
        • Trivy
        • Semgrep
        • Codacy
        • Sonarqube
        • ZAP
        • JFrog Xray
      • Integrating Cloud Service Providers in Delivery Shield
        • AWS
        • ScouteSuite
      • Integrating Other tools in Delivery Shield
        • ChatGPT
        • Slack
        • JIRA
        • MobSF
        • TFsec
        • Custom Policy Source
      • Support Matrix
    • User Guide
      • View Security Posture
        • Organization Security Posture
        • Application Security Posture
          • View Version History
          • Context Graph
        • View Open Security Issues
        • View Current Deployments
        • View Deployment History
      • Manage Policies
        • Global Policies
        • Application Policies
      • Vulnerability Management
      • License Scan
      • Artifact Security
        • Deployed Artifacts
        • Generated Artifacts
        • Plugin Artifacts
        • Mobile Artifacts
      • Global Risk Management
        • OSS Risk
        • Cloud Security
          • Compute
          • Network
          • Security
      • Adhoc Scan
      • Managing Audit
        • Exceptions
      • Deployment Firewall
      • Delivery Bill of Materials (DBOM)
      • Software Bill of Materials (SBOM)
      • Compare Environments using Smart Diff
      • Manage Teams and Access
      • Managing Clusters
      • Compliance Automation
        • NIST 800-53
        • FedRAMP
        • OpenSSF ScoreCard
        • OWASP Top 10 CI CD Security Risks
        • NSA CISA Top 10
        • MITRE-ATT&CK
        • CIS Benchmark Kubernetes
      • AI Powered Features
        • Rules Genie
        • Security Issues Genie
    • Release Notes
    • Additional Resources
      • Whitelisting API Calls for Self-Hosted Delivery Shield
Powered by GitBook
On this page
  • Pre-requisites:
  • Configure LDAP Provider through ISD UI
  • Configure Active Directory Provider through ISD UI
  • Configure SAML Provider through ISD UI

Was this helpful?

  1. OpsMx Intelligent Software Delivery (ISD) Platform - Argo
  2. Operator Manual

Configure Authentication Providers through ISD UI

PreviousAccess ManagementNextSlack Interactive Notification

Last updated 2 years ago

Was this helpful?

OpsMx supports Single Sign-on with the authentication providers OpenLDAP, Active Directory and SAML. You can configure these Authentication Providers through ISD UI.

The integration of ISD with these Authentication Providers enables you to log-in your LDAP, Active Directory and SAML users and groups into ISD with their credentials.

This document provides step-by-step instructions to configure Authentication Providers through ISD UI.

Pre-requisites:

  • ISD Installed

  • Make sure you have Super Admin access to your ISD UI.

  • Account with Authentication Provider

Configure LDAP Provider through ISD UI

An open and widely accepted application protocol for accessing and managing distributed directory information services over an IP network is the Lightweight Directory Access Protocol (LDAP). LDAP is frequently used to offer a central location to store usernames and passwords. As a result, numerous software programmes and services can connect to the LDAP server to verify users.

Follow the procedure below to configure the OpenLDAP Provider through ISD UI.

  1. Click on "Setup" and then click on "Access Management". The "Access Management" page appears as shown in the image below.

  2. Click on “Authentication”. The list of available Authentication Providers and their respective fields appears. Select the “LDAP” and fill out the information about it that appears on the right pane of the screen and then click the “Save” button. Refer to the images below.

Update the following information on the above screen to configure the OpenLDAP provider:

Connection Settings:

  • Vendor: Select the “Other” as LDAP vendor(provider) from the drop-down.

  • Connection URL: Connection URL to your LDAP server. Once you enter the “Connection URL”, click on the “Test Connection” button. If the URL is valid, it will show the “Successful” message stating “Successfully connected to LDAP.”

  • Bind Type: Type of the Authentication Method used during LDAP Bind operation. It is used in most of the requests sent to the LDAP server. Currently “none” (Anonymous LDAP Authentication) or “simple”(Bind credential + Bind password Authentication) mechanisms are available. Select “simple” from the drop-down.

  • Bind DN: DN of LDAP admin which will be used by keycloak to access LDAP server. You need to provide the user tree path who has complete access to the entire LDAP tree.

  • Bind Credential: Password of LDAP admin. This field is able to obtain its value from the vault and use ${vault.ID} format. Once you enter the password, click on the “Test Authentication” button. If the credentials are valid, it will show the “Successful” message stating “Successfully connected to LDAP”.

User Search Settings:

  • User Object Classes: All values of LDAP objectClass attribute for users in LDAP, divided by commas. LDAP user records are found just if they contain all those object classes.

  • Users DN: Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid='john',ou=users,dc=example,dc=com

In addition to the above parameters in “User Search Settings” if you wish, you can try the following advanced options.

  • Edit Mode: The mode of communication between ISD and LDAP. This is always READ_ONLY.

  • Username LDAP attribute: Name of the LDAP attribute, which is mapped as ISD username. For many LDAP server vendors it can be 'uid'. The attribute should be filled for all LDAP user records you want to import from LDAP.

  • RDN LDAP attribute: Name of the LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as the Username LDAP attribute, however it is not required.

  • UUID LDAP attribute: Name of the LDAP attribute, which is used as a unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is 'entryUUID'; however some are different. For example, for Active Directory it should be 'objectGUID'. If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be unique among LDAP users in the tree. For example 'uid' or 'entryDN'.

Group Search Settings:

  • Group DN: LDAP DN where groups of this tree are saved. For example 'ou=groups,dc=example,dc=org'

  • Group Search Filter: Name of LDAP attribute on group, which is used for membership mappings. Usually it will be 'member' .However when 'Membership Attribute Type' is 'UID' then 'Membership LDAP Attribute' could be typically 'memberUid'.

  • Group Role Name Attribute: Name of LDAP attribute, which is used in group objects for name and RDN of group. Usually it will be 'cn' . In this case typical group/role object may have DN like 'cn=Group1,ou=groups,dc=example,dc=org'

In addition to the above parameters in “Group Search Settings” if you wish, you can try the following advanced options.

  • Group Object Classes: Object class (or classes) of the group object. It is divided by comma if more classes are needed. In typical LDAP deployment it could be 'groupOfNames'.

  • Membership User LDAP Attribute: Used just if Membership Attribute Type is UID. It is the name of LDAP attribute on user, which is used for membership mappings. Usually it will be 'uid' . For example if the value of 'Membership User LDAP Attribute' is 'uid' and LDAP group has 'memberUid: john', then it is expected that particular LDAP user will have attribute 'uid: john'.

  • Membership Attribute Type:

    • DN means that LDAP group has its members declared in the form of their full DN. For example, 'member: uid=john,ou=users,dc=example,dc=com' .

    • UID means that the LDAP group has its members declared in the form of pure user uids. For example 'memberUid: john'.

  • Mode:

    • LDAP_ONLY means that all group mappings of users are retrieved from LDAP and saved into LDAP.

    • READ_ONLY is Read-only LDAP mode where group mappings are retrieved from both LDAP and DB and merged together. New group joins are not saved to LDAP but to DB.

    • IMPORT is Read-only LDAP mode where group mappings are retrieved from LDAP just at the time when a user is imported from LDAP and then they are saved to local ISD DB.

  • User Groups Retrieve Strategy: Specify how to retrieve groups of user.

    • LOAD_GROUPS_BY_MEMBER_ATTRIBUTE means that roles of user will be retrieved by sending LDAP query to retrieve all groups where 'member' is our user.

    • GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE means that groups of user will be retrieved from 'memberOf' attribute of our user. Or from the other attribute specified by 'Member-Of LDAP Attribute'.

  • Member-Of LDAP Attribute:

  • After filling the data fields with the necessary information in the above screen, Turn ON the “Enabled” button and then click the “Save” button.

Now you are done with enabling LDAP as an authentication provider. Any of the users who belong to your user group in LDAP can access the ISD UI by logging-in with their credentials.

Configure Active Directory Provider through ISD UI

The application protocol LDAP is used to interact with different directory services. Passwords and other security data are stored in directory services like Active Directory, along with user and account information. The information can then be shared with other networked devices. LDAP can be used by enterprise applications to authenticate, access, and find data.

Follow the procedure below to configure the Active Directory Provider through ISD UI.

  1. Click on "Setup" and then click on "Access Management". The "Access Management" page appears as shown in the image below.

  2. Click on “Authentication”. The list of available Authentication Providers and their respective fields appears. Select the “LDAP” and fill out the information about it that appears on the right pane of the screen and then click the “Save” button. Refer to the images below.

Update the following information on the above screen to configure the “Active Directory” provider:

Connection Settings:

  • Vendor: Select the “Active Directory” as LDAP provider from the drop-down.

  • Connection URL: LDAP Provider URL to your LDAP server. Once you enter the “Connection URL”, click on the “Test Connection” button. If the URL is valid, it will show the “Successful” message stating “Successfully connected to LDAP.”

  • Bind Type: Type of the Authentication Method used during LDAP Bind operation. It is used in most of the requests sent to the LDAP server. Currently “none” (Anonymous LDAP Authentication) or “simple”(Bind credential + Bind password Authentication) mechanisms are available. Select “simple” from the drop-down.

  • Bind DN: DN of LDAP admin which will be used by keycloak to access LDAP server. You need to provide the user tree path who has complete access to the entire LDAP tree.

  • Bind Credential: Password of LDAP admin. This field is able to obtain its value from the vault and use ${vault.ID} format. Once you enter the password, click on the “Test Authentication” button. If the credentials are valid, it will show the “Successful” message stating “Successfully connected to LDAP”.

User Search Settings:

  • User Object Classes: All values of LDAP objectClass attribute for users in LDAP, divided by commas. LDAP user records are found just if they contain all those object classes.

  • Users DN: Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid='john',ou=users,dc=example,dc=com

In addition to the above parameters in “User Search Settings” if you wish, you can try the following advanced options.

  • Edit Mode: The mode of communication between ISD and LDAP. This is always READ_ONLY.

  • Username LDAP attribute: Name of the LDAP attribute, which is mapped as ISD username. For many LDAP server vendors it can be 'uid'. For Active Directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP.

  • RDN LDAP attribute: Name of the LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as the Username LDAP attribute, however it is not required. For example, for Active Directory, it is common to use 'cn' as RDN attribute when the username attribute might be 'sAMAccountName'.

  • UUID LDAP attribute: Name of the LDAP attribute, which is used as a unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is 'entryUUID'; however some are different. For example, for Active Directory it should be 'objectGUID'. If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be unique among LDAP users in the tree. For example 'uid' or 'entryDN'.

Group Search Settings:

  • Group DN: LDAP DN where groups of this tree are saved. For example 'ou=groups,dc=example,dc=org'

  • Group Search Filter: Name of LDAP attribute on group, which is used for membership mappings. Usually it will be 'member' .However when 'Membership Attribute Type' is 'UID' then 'Membership LDAP Attribute' could be typically 'memberUid'.

  • Groupe Role Name Attribute: Name of LDAP attribute, which is used in group objects for name and RDN of group. Usually it will be 'cn' . In this case typical group/role object may have DN like 'cn=Group1,ou=groups,dc=example,dc=org'

In addition to the above parameters in “Group Search Settings” if you wish, you can try the following advanced options.

  • Group Object Classes: Object class (or classes) of the group object. It is divided by comma if more classes are needed. In typical LDAP deployment it could be 'groupOfNames'. In Active Directory it's usually 'group'.

  • Membership User LDAP Attribute: Used just if Membership Attribute Type is UID. It is the name of LDAP attribute on user, which is used for membership mappings. Usually it will be 'uid' . For example if the value of 'Membership User LDAP Attribute' is 'uid' and LDAP group has 'memberUid: john', then it is expected that particular LDAP user will have attribute 'uid: john'.

  • Membership Attribute Type:

    • DN means that LDAP group has its members declared in the form of their full DN. For example, 'member: uid=john,ou=users,dc=example,dc=com' .

    • UID means that the LDAP group has its members declared in the form of pure user uids. For example 'memberUid: john'.

  • Mode:

    • LDAP_ONLY means that all group mappings of users are retrieved from LDAP and saved into LDAP.

    • READ_ONLY is Read-only LDAP mode where group mappings are retrieved from both LDAP and DB and merged together. New group joins are not saved to LDAP but to DB.

    • IMPORT is Read-only LDAP mode where group mappings are retrieved from LDAP just at the time when a user is imported from LDAP and then they are saved to local ISD DB.

  • User Groups Retrieve Strategy: Specify how to retrieve groups of user.

    • LOAD_GROUPS_BY_MEMBER_ATTRIBUTE means that roles of user will be retrieved by sending LDAP query to retrieve all groups where 'member' is our user.

    • GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE means that groups of user will be retrieved from 'memberOf' attribute of our user. Or from the other attribute specified by 'Member-Of LDAP Attribute'.

  • Member-Of LDAP Attribute:

    • After filling the data fields with the necessary information in the above screen, Turn ON the “Enabled” button and then click the “Save” button.

Now you are done with enabling Active Directory as an authentication provider. Any of the users who belong to your user group in Active Directory can access the ISD UI by logging-in with their credentials.

Configure SAML Provider through ISD UI

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization information between parties such as identity provider and a service provider.

Note: For configuring SAML, you should have an okta administrator account and you should be able to create a new app integration in okta.

Following are the sequence of activities to configure the SAML Provider through ISD UI.

  1. Create App Integration in Okta

  2. Steps to Configure SAML Provider through ISD UI

Create Application Integration in Okta

Follow the procedure below to create an application integration in okta.

  1. After you login into Okta, click on “Applications” under Applications in the left side navigation pane and then click on the “Create App Integration” button. Refer to the image below.

  2. Now the “Create a new app integration” screen appears. Select “SAML 2.0” and click the “Next” button. Refer to the image below.

  3. Provide a name to the app and click the “Next” button. Refer to the image below.

  4. Now the “SAML Settings” screen appears under the “Configure SAML” page as shown below.

Update the following information on the above screen:

  • Single sign-on URL: The Redirect URL from the “SAML Provider” page in ISD UI. Go to “Setup” → “Access Management”→ “Authentication” → SAML in the ISD UI and copy the Redirect URL and paste here. Refer to the image below.

  • Audience URL (SP Entity ID): The Service Provider Entity ID from the “SAML Provider” page in ISD UI. Go to “Setup” → “Access Management”→ “Authentication” → SAML in the ISD UI and copy the Service Provider Entity ID and paste here. Refer to the image below.

  • Name ID format: Select the “EmailAddress” from the drop-down.

  • Application Username: Select the “Email” from the drop-down.

  • Update application username on: Select the “Create and update” from the drop-down.

  1. In the same “Configure SAML” page, further scroll-down to the “Group Attribute Statements” screen as shown below.

Update the following information on the above screen and click the “Next” button.

  • Name: Give the name as “memberOf”

  • Filter: Select “Matches regex” from the drop-down and enter “.*” in the empty data field next to the dropdown.

  1. Now the “Feedback” page appears. Select the “I’m a software vendor, I’d like to integrate my app with Okta” in the Feedback page and click the “Finish” button. Refer to the image below.

  2. Click on the “View SAML setup instructions” under “SAML Setup” as shown below.

  3. Once you click on the “View SAML setup instructions”, the following screen appears. Scroll-down to “Optional”. You will find the IDP metadata under “Optional”. Copy the entire metadata and save it as a file in XML format. This file is required when you are configuring the SAML provider in ISD UI.

Steps to Configure SAML Provider through ISD UI

Follow the steps below to configure the SAML Provider through ISD UI.

  1. Click on "Setup" and then click on "Access Management". The "Access Management" page appears as shown in the image below.

  2. Click on “Authentication”. The list of available Authentication Providers and their respective fields appears. Select the “SAML” and fill out the information about it that appears on the right pane of the screen and then click the “Save” button. Refer to the images below.

Update the following information on the above screen to configure the SAML provider:

  • Redirect URL: The redirect URL to use when configuring the identity provider.

  • Identity Provider Metadata: Import the metadata file downloaded from your Identity Provider. For detailed information on how to download the metadata and create a file, Refer here.

  • Click on the “Choose File” button under “Import from file” to import the metadata file from the location where you have saved it.

  • Service Provider Entity ID: The Entity ID that will be used by your IDP to uniquely identify this SAML Service Provider (ISD).

  • Single Sign-On Service URL: The URL that must be used to send authentication requests (SAML AuthnRequest).

  • Group Attribute: The group attribute helps ISD to identify the groups the user belongs to. You can add group attribute statements to the SAML assertion shared with ISD from your Identity Provider. The value entered here should match the name of the group attribute on your IDP. By default it is “memberOf”.

  • After filling the data fields with the necessary information in the above screen, Turn ON the “Enabled” button and then click the “Save” button.

Now you are done with enabling SAML as an authentication provider. Any of the users who belong to your user group in SAML can access the ISD UI by logging-in with their credentials.