Authentik SSO with Zoho
Providers
The following providers are needed by this module:
- authentik (2024.2.0)
- kubernetes (2.27.0)
- random (3.6.0)
- tls (4.0.5)
Required Inputs
The following input variables are required:
authentik_domain
Description: The domain name of the authentik instance
Type: string
authentik_namespace
Description: The Kubernetes namespace where Authentik is deployed
Type: string
media_configmap
Description: The configmap holding the static media that Authentik will use
Type: string
organization_name
Description: The name of your organization
Type: string
zoho_acs_url
Description: The ACS URL provided by Zoho when configuring an external identity provider
Type: string
zoho_sign_in_url
Description: The sign-in URL provided by Zoho when configuring an external identity provider
Type: string
Optional Inputs
The following input variables are optional (have default values):
allowed_groups
Description: Only members of these groups can access AWS
Type: set(string)
Default: []
ui_description
Description: The description to display in the Authentik web dashboard
Type: string
Default: "Zoho"
ui_group
Description: The section in the Authentik web dashboard that this will appear in
Type: string
Default: "Admin"
zoho_issuer
Description: The issuer provided by Zoho when configuring an external identity provider
Type: string
Default: "zoho.com"
Outputs
The following outputs are exported:
saml_metadata
Description: n/a
Usage
Sign-in URL
For IDP-initiated logins, the zoho_sign_in_url variable must be provided.
This is not found in the Zoho web UI and must be constructed manually.
It is of the form https://accounts.zoho.com/samlauthrequest/<domain>?serviceurl=<zoho_service> where
- <domain> is a domain that has been verified with Zoho
- <zoho_service> is the https URL of a Zoho service (e.g., https://one.zoho.com)
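The following added example (not part of the module's own documentation) builds zoho_sign_in_url from its two parts and rejects malformed parts at plan time, so a sign-in URL with a non-https service or a stray scheme in the domain never reaches the provider configuration. The module label, source path, helper variables zoho_domain and zoho_service, and all input values are assumptions or constructed placeholders.

```hcl
# Added example. Every concrete value below is a constructed placeholder.

variable "zoho_domain" {
  description = "Domain that has been verified with Zoho (bare hostname, no scheme or path)"
  type        = string
  default     = "example.com" # constructed sample value

  validation {
    condition     = can(regex("^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$", var.zoho_domain))
    error_message = "zoho_domain must be a bare domain name such as example.com."
  }
}

variable "zoho_service" {
  description = "https URL of the Zoho service"
  type        = string
  default     = "https://one.zoho.com" # the example service named in the Usage section

  validation {
    condition     = can(regex("^https://[^/?#\\s]+", var.zoho_service))
    error_message = "zoho_service must be an https URL."
  }
}

locals {
  # Form given in the Usage section:
  # https://accounts.zoho.com/samlauthrequest/<domain>?serviceurl=<zoho_service>
  zoho_sign_in_url = "https://accounts.zoho.com/samlauthrequest/${var.zoho_domain}?serviceurl=${var.zoho_service}"
}

module "authentik_zoho_sso" {              # hypothetical module label
  source = "./modules/authentik_zoho_sso"  # placeholder: point at wherever this module lives

  authentik_domain    = "authentik.example.com"            # constructed
  authentik_namespace = "authentik"                        # constructed
  media_configmap     = "authentik-media"                  # constructed
  organization_name   = "Example Org"                      # constructed
  zoho_acs_url        = "<ACS URL provided by Zoho>"       # placeholder: copy from Zoho
  zoho_sign_in_url    = local.zoho_sign_in_url
  allowed_groups      = ["zoho-users"]                     # constructed group name
}

# Surface the constructed URL so it can be reviewed before it is applied.
output "zoho_sign_in_url" {
  value = local.zoho_sign_in_url
}
```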