keboola · MonikaFeigler · Oct 21, 2024 · Oct 17, 2024 · Oct 17, 2024 · Oct 17, 2024
diff --git a/_data/navigation.yml b/_data/navigation.yml
@@ -453,7 +453,19 @@ items:
 
       - url: /components/data-apps/
         title: Data Apps
-
+        items:
+          - url: /components/data-apps/oidc/
+            title: OpenID Connect
+            items:
+              - url: /components/data-apps/oidc/auth0/
+                title: Auth0
+              - url: /components/data-apps/oidc/google-cloud-platform/
+                title: Google Cloud Platform
+              - url: /components/data-apps/oidc/microsoft-entra-id/
+                title: Microsoft Entra ID
+              - url: /components/data-apps/oidc/okta/
+                title: Okta
+
       - url: /components/branches/
         title: Development Branches
 

diff --git a/components/data-apps/oidc/auth0/index.md b/components/data-apps/oidc/auth0/index.md
@@ -0,0 +1,71 @@
+---
+title: Auth0
+permalink: /components/data-apps/oidc/auth0/
+---
+
+* TOC
+{:toc}
+
+This document will guide you through the steps needed to set up the OpenID Connect (OIDC) protocol for Keboola data apps, specifically for use on Auth0.
+
+## Step 1: Create a New OAuth 2.0 Client ID in Auth0
+Follow these steps to create a new OAuth 2.0 client ID in Auth0:
+
+- Go to the Auth0 and log in.
+- Select **Applications** and click **Applications**.
+- Click **+Create Application**.
+- Select **End users authenticate through my application**.
+- Then select **Frontend**.
+- Choose **Other browser technology** as an application technology and give your application a name, for example, "Streamlit OIDC Demo". Then click **Continue**.
+- Choose **Python** as a technology you are using in your web app.
+- You do not have the **Allowed callback URL** yet; you will need to create a data app in Keboola first.
+- Click **Save Changes** to finish.
+
+## Step 2: Create a Data App in Keboola
+Follow these steps to configure you data app in Keboola:
+
+- Go to your Keboola project.
+- Click **Data Apps**.
+- Create a new data app by clicking the green **+** button.
+- Give your app a name and click **Create Data App** to finalize the creation.
+
+## Step 3: Set Up the Authentication Method
+Follow these steps to set up the authentication method for your data app:
+
+- Go to the newly created data app.
+- Click the **Information & Settings** tab.
+- Under **Authentication**, select **OIDC** and then **Generic OIDC**.
+- Copy the client ID from your Auth0 application to the **Client ID** field in Keboola.
+- Copy the client secret from the Auth0 application to the **Client secret** field in Keboola.
+- In the **Issuer URL** field, enter `https://<yourDomain>.us.auth0.com/`, which is the correct issuer URL for Google OAuth 2.0.
+- Click **Save** to apply the changes.
+
+## Step 4: Set Up the Auth0 Consent Screen
+Follow these steps to configure your data app's consent screen in Auth0:
+
+- Go to the Auth0 and open your OIDC application.
+- Go to the **Settings** tab and enter the **Allowed callback URL**. The format of the callback URL is as follows:
+`https://<dataAppId>.hub.<keboolaConnectionHost>/_proxy/callback`
+(e.g., `https://auth0-oidc-data-app-1234567890.hub.keboola.com/_proxy/callback`)
+- Save the changes.
+
+## Step 5: Deploy the Data App in Keboola
+Follow these steps to deploy your data app in Keboola:
+
+- Go back to your data app in Keboola.
+- Click the **Deploy data app** tab.
+- Select **Code** or **GitHub** deployment type and add code of your application.
+- Click the green **Deploy Data App** button to deploy the application.
+
+## Step 6: Test your Data App
+Follow these steps to test your new data app:
+
+- Go to the data app's URL.
+- You should be redirected to the Auth0 consent screen.
+- Log in with your Auth0 account to verify your identity.
+- The Data App should display its content.
+
+
+
+
+
diff --git a/components/data-apps/oidc/google-cloud-platform/index.md b/components/data-apps/oidc/google-cloud-platform/index.md
@@ -0,0 +1,66 @@
+---
+title: Google Cloud Platform
+permalink: /components/data-apps/oidc/google-cloud-platform/
+---
+
+* TOC
+{:toc}
+
+This document will guide you through the steps needed to set up the OpenID Connect (OIDC) protocol for Keboola data apps, specifically for use on Google Cloud Platform (GCP).
+
+## Step 1: Create a New OAuth 2.0 Client ID in GCP
+Follow these steps to create a new OAuth 2.0 client ID in GCP:
+
+- Go to the GCP console.
+- Select **APIs & Services**.
+- Click **Credentials**, then **Create Credentials**.
+- Select **OAuth 2.0 Client ID**.
+- Choose **Web application** as the application type.
+- Give your client ID a name, for example, "Streamlit OIDC Demo".
+- Enter the **Authorized redirect URIs** pointing back to your data app. <br>Make sure to add `/_proxy/callback` to the end of your redirect URL. This is how Keboola will send the authentication response to your app. The format of the redirect URL is as follows: `https://<dataAppId>.hub.<keboolaConnectionHost>/_proxy/callback` (e.g., `https://google-oidc-data-app-1234567890.hub.keboola.com/_proxy/callback`).
+- Click **Create** to finish.
+
+## Step 2: Create a New Data App in Keboola
+Follow these steps to start configuring your data app in Keboola:
+
+- Go to your Keboola project.
+- Select **Data Apps**.
+- Create a new data app by clicking the green **+** button.
+- Give your app a name and click **Create Data App** to finalize the creation.
+
+## Step 3: Set Up the Authentication Method
+Follow these steps to set up the authentication method for your data app:
+
+- Go to the newly created data app.
+- Click the **Information & Settings** tab.
+- Under **Authentication**, select **OIDC** and then **Generic OIDC**.
+- Copy the client ID from your Google Cloud Project to the **Client ID** field in Keboola.
+- Copy the client secret from your Google Cloud Project to the **Client secret** field in Keboola.
+- In the **Issuer URL** field, enter `https://accounts.google.com`, which is the correct issuer URL for Google OAuth 2.0.
+- Click **Save** to apply the changes.
+
+## Step 4: Configure the OAuth Consent Screen
+Follow these steps to configure your data app's OAuth consent screen in your Google Cloud project:
+
+- Go to the OAuth 2.0 client ID you created in the first step.
+- Click the **OAuth consent screen** tab.
+- Update the application details, including the app name, support email, and application homepage link.000
+- Under **Authorized domains**, add `http://keboola.com`. This ensures that Keboola's domain is recognized as an authorized domain for your OAuth 2.0 app.
+- You do not have the redirect URl yet; you will need to deploy your data app in Keboola first. 
+- Click **Save and continue** to proceed.
+
+## Step 5: Deploy the Data App
+Follow these steps to deploy your data app in Keboola:
+
+- Go back to your data app in Keboola.
+- Click the **Deploy Data App** tab.
+- Select **Code** or **GitHub** deployment type and add code of your application.
+- Click the green **Deploy Data App** button to deploy the application.
+
+## Step 6: Test the Data App
+Follow these step to test your new data app:
+
+- Go to the data app's URL.
+- You should be redirected to the Google OAuth consent screen.
+- Log in with your Google account to verify your identity.
+- The data app should display its content.
diff --git a/components/data-apps/oidc/index.md b/components/data-apps/oidc/index.md
@@ -0,0 +1,17 @@
+---
+title: OpenID Connect
+permalink: /components/data-apps/oidc/
+---
+
+OpenID Connect (OIDC) is a protocol that enables secure sharing of user profile information between two unrelated applications 
+without exposing the user's credentials.
+
+See the following articles for step-by-step information on how to configure the OIDC protocol for Keboola data apps:
+
+- [Auth0](/components/data-apps/oidc/auth0/)
+- [Google Cloud Platform](/components/data-apps/oidc/google-cloud-platform/)
+- [Microsoft Entra ID](/components/data-apps/oidc/microsoft-entra-id/)
+- [OKTA](/components/data-apps/oidc/okta/)
+- GitHub (coming soon)
+- BitBucket (coming soon)
+- LinkedIn (coming soon)
diff --git a/components/data-apps/oidc/microsoft-entra-id/index.md b/components/data-apps/oidc/microsoft-entra-id/index.md
@@ -0,0 +1,72 @@
+---
+title: Microsoft Entra ID
+permalink: /components/data-apps/oidc/microsoft-entra-id/
+---
+
+* TOC
+{:toc}
+
+This document will guide you through the steps needed to set up the OpenID Connect (OIDC) protocol for Keboola data apps, specifically for use on Microsoft Entra ID.
+
+## Step 1: Create a New OAuth 2.0 Client ID
+Follow these steps to create a new OAuth 2.0 client ID in Microsoft Entra ID:
+
+- Go to portal.azure.com.
+- Search for **Entra ID** and select **Microsoft Entra ID**.
+- Click **+ Add** and select **App registration**.
+- Provide a human-readable name for the app.
+- Open your app. Go to **Manage → Authentication** and click **Add a platform**.
+- Choose **Web**.
+- You do not know your redirect URL yet; first, you need to create a data app in Keboola. 
+- Set up group claim. <br>The app needs to be able to provide all user groups because this will be necessary later to authenticate users based on groups. To enable  this, go to **Manage -> Token configuration** and click **Add groups claim**. 
+- For large companies, we recommend using the last option to retrieve only the groups assigned to the application. Otherwise, all user roles will be included in the response.
+
+This step is unnecessary if you selected **All groups** in the previous step: 
+- Assign appropriate groups to the application. Go to **Overview** and click the link `Managed application in local directory`.
+- Add groups to your application.
+- Assign groups and click **Assign**.
+
+Then you will generate app secrets. Go back to app registrations, then continue to **Manage -> Certificates and secrets** and create **New client secret**.
+Provide a human-readable description and click **Add**. Save **Value** because you won’t be able to reveal it.
+
+## Step 2: Configure Your Data App in Keboola
+Follow these steps to configure you data app in Keboola:
+
+- Go to your Keboola project.
+- Click **Data Apps**.
+- Create a new data app by clicking the green **+** button.
+- Give your app a name and click **Create Data App** to create the app.
+
+## Step 3: Configure the Authentication Method for Your Data App
+Follow these steps to set up the authentication method for you data app:
+
+- Go to the newly created data app.
+- Click the **Information & Settings** tab.
+- Under **Authentication**, select **OIDC** and then **Azure OIDC**.
+- Provide credentials from the Azure portal, such as the **Client ID**, **Client Secret**, and **Tenant ID**.
+- Click **Save** to apply the changes.
+- Deploy the data app to get the data app URL, which you will need to specify as the redirect URL.
+
+## Step 4: Configure the OAuth Consent Screen
+Follow these steps to set up your data app's OAuth consent screen in the Azure portal.
+
+- Go to the Azure portal and open your app.
+- Enter the redirect URL. <br>Make sure to add `/_proxy/callback` to the end of your redirect URL. This is how Keboola will send the authentication response to your app. Format of the redirect URL is as follows:
+`https://<dataAppId>.hub.<keboolaConnectionHost>/_proxy/callback` (e.g., `https://123456789.hub.europe-west3.gcp.keboola.com/_proxy/callback`).
+- Save the changes.
+
+## Step 5: Deploy Your Data App in Keboola
+Follow these steps to deploy the data app in Keboola:
+
+- Go back to your data app in Keboola.
+- Click the **Deploy Data App** tab.
+- Select **Code** or **GitHub** deployment type and add code of your application.
+- Click the green **Deploy Data App** button to deploy the application.
+
+## Step 6: Test Your Data App
+Follow these steps to test your new data app:
+
+- Go to the data app's URL.
+- You should be asked to log in using your Entra ID account.
+- After successfully loging in, you will be redirected to the app.
+- The data app should display its content.
diff --git a/components/data-apps/oidc/okta/index.md b/components/data-apps/oidc/okta/index.md
@@ -0,0 +1,63 @@
+---
+title: Okta
+permalink: /components/data-apps/oidc/okta/
+---
+
+* TOC
+{:toc}
+
+This document will guide you through the steps needed to set up the OpenID Connect (OIDC) protocol for Keboola data apps, specifically for use on Okta.
+
+## Step 1: Create a new OAuth 2.0 Client ID in Okta
+Follow these steps to create a new OAuth 2.0 client ID in Okta:
+
+- Go to the Okta Admin Console.
+- Click **Applications** and then click **Applications** again.
+- Click **Create App Integration**.
+- Select **OIDC - OpenID Connect** as the sign-in method.
+- Choose **Web application** as the application type.
+- Give your web app integration a name, for example, "Streamlit OIDC Demo".
+- You do not have your sign-in redirect URI yet; you'll need to create a data app in Keboola first.
+- Click **Save** to finish.
+
+## Step 2: Configure Your Data App in Keboola
+Follow these steps to set up a new data app in Keboola:
+
+- Go to your Keboola project.
+- Click **Data Apps**.
+- Create a new data app by clicking the green **+** button.
+- Give your app a name and click **Create Data App** to create the app.
+
+## Step 3: Configure the Authentication Method for Your Data App
+Follow these steps to set up the authentication method for your data app:
+
+- Go to the newly created data app.
+- Click the **Information & Settings** tab.
+- Under **Authentication**, select **OIDC** and then **Generic OIDC**.
+- Copy the client ID from your Okta application to the **Client ID** field in Keboola.
+- Copy the client secret from your Okta application to the **Client secret** field in Keboola.
+- In the **Issuer URL** field, enter `https://<yourOktaOrg>.okta.com/oauth2/default`. This is the correct issuer URL for Okta OIDC setup.
+- Click **Save** to apply the changes.
+
+## Step 4: Configure Your Data App's Consent Screen in Okta
+Follow these steps to set up your data app's consent screen in Okta:
+
+- Go to the Okta Admin Console and open your web app integration.
+- Enter the sign-in redirect URIs back to your data app. <br>Make sure to add `/_proxy/callback` to the end of your redirect URL. <br>This is how Keboola will send the authentication response to your app. The format of the redirect URL is as follows: `https://<dataAppId>.hub.<keboolaConnectionHost>/_proxy/callback`
+(e.g., `https://okta-oidc-data-app-1234567890.hub.north-europe.azure.keboola.com/_proxy/callback`).
+- Click **Save** to finish.
+
+## Step 5: Deploy Your Data App in Keboola
+Follow these steps to deploy your data app in Keboola:
+
+- In your data app in Keboola, click the **Deploy Data App** tab.
+- Select **Code** or **GitHub** deployment type and add code of your application.
+- Click the green **Deploy Data App** button to deploy the application.
+
+## Step 6: Test Your Data App
+Follow these steps to test your new data app:
+
+- Go to the data app's URL.
+- You should be redirected to the Okta consent screen.
+- Log in with your Okta account to verify your identity.
+- The data app should display its content.