chainctl iam identity-providers create
chainctl iam identity-providers create
Create an identity provider
chainctl iam identity-providers create --group=GROUP [--name=NAME] [--description=DESCRIPTION] --oidc-issuer=ISSUER --oidc-client-id=CLIENTID --oidc-client-secret=CLIENTSECRET [--oidc-additional-scopes=SCOPE,...] --default-role=ROLE [--output table|json|id]
Examples
# Setup a custom OIDC provider and bind new users to the viewer role
chainctl iam identity-provider create --name=google --group=example \
--oidc-issuer=https://accounts.google.com \
--oidc-client-id=foo \
--oidc-client-secret=bar \
--default-role=viewer
Options
--configuration-type string Type of identity provider. Only OIDC supported currently (default "OIDC")
--default-role string Role to grant users on first login
--description string Description of identity provider
--group string The name or ID of the group the identity provider belongs to.
-h, --help help for create
--name string Name of identity provider
--oidc-additional-scopes stringArray additional scopes to request for OIDC type identity provider
--oidc-client-id string client id for OIDC type identity provider
--oidc-client-secret string client secret for OIDC type identity provider
--oidc-issuer string Issuer URL for OIDC type identity provider
-y, --yes Automatic yes to prompts; assume "yes" as answer to all prompts and run non-interactively.
Options inherited from parent commands
--api string The url of the Chainguard platform API. (default "https://console-api.enforce.dev")
--audience string The Chainguard token audience to request. (default "https://console-api.enforce.dev")
--config string A specific chainctl config file.
--console string The url of the Chainguard platform Console. (default "https://console.enforce.dev")
--issuer string The url of the Chainguard STS endpoint. (default "https://issuer.enforce.dev")
-o, --output string Output format. One of: ["", "json", "id", "table", "terse", "tree", "wide"]
--timestamp-authority string The url of the Chainguard Timestamp Authority endpoint. (default "https://tsa.enforce.dev")
-v, --v int Set the log verbosity level.
SEE ALSO
- chainctl iam identity-providers - customer managed identity provider management
Last updated: 2023-12-04 18:58