Integrate Jenkins with Zero Trust Network Access

In this topic, you will find general instructions on how to integrate Jenkins installed on-premises with Portnox™ Zero Trust Network Access.

Prerequisites:

  • Jenkins installed on-premises (Windows or Linux) on a virtual or physical machine with Internet access.

  • A domain configured in a local DNS server, with Jenkins accessible using that domain (for example, vorlon.local).

  • Jenkins configured to run over HTTPS (a self-signed certificate is acceptable for testing), on the default HTTPS port: 443.

If everything is set up correctly, you should be able to access Jenkins using a URL such as https://vorlon.local/.

Install the Jenkins miniOrange SSO plugin

In this step, you will install the miniOrange SAML SSO plugin for Jenkins.

  1. In a browser tab, access your on-premises Jenkins web interface using a browser, for example: https://vorlon.local/.

    From now on, we will call this tab the Jenkins tab.

  2. Click on the  ⚙  icon in the top-right corner to access Jenkins configuration, and then click on the Plugins tile.

  3. In the Plugins pane:
    1. In the left-hand side menu, click on the Available plugins option.
    2. In the  🔍  field, type: SAML.
    3. Activate the checkbox next to the SAML Single Sign On (SSO) entry.
    4. Click on the Install button.

    Note: The plugin repository also contains a different SAML plugin, which is likely to work just as well as the miniOrange plugin.
  4. Click on the  ⚙  icon in the top-right corner to access Jenkins configuration, and then click on the Security tile.

  5. In the Security pane, in the Security Realm field, select the miniOrange SAML 2.0 option.

  6. Click on the  ⚙  icon in the top-right corner to access Jenkins configuration, and then click on the miniOrange SAML SSO tile.

  7. Keep this browser tab open. You will need it later.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with Jenkins.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Zero Trust Resources option.

  3. On the Resources screen, click on the Create resource button.

    1. In the What type of resource is this? section, select the SSO web application option.
    2. In the Authentication protocol section, select the SAML option.
    3. Click on the Next button.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this resource section.
  5. In the Resource details section, enter a Resource name and optionally a Description.

    In this example, we used the name Jenkins for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Copy configuration values from the Jenkins tab to the Portnox tab

In this section, you will copy the values displayed in your Jenkins SAML SSO setup section, and paste them in the relevant fields in Portnox Cloud.

  1. In the Jenkins tab, in the miniOrange SAML SP plugin configuration pane, click on the  ⧉  icon next to the SP Entity ID field to copy the value of this field to your clipboard.

  2. In the Portnox tab, in the Resource properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and paste the value copied from Jenkins.

  3. In the Jenkins tab, click on the  ⧉  icon next to the ACS URL field to copy the value of this field to your clipboard.

  4. In the Portnox tab, in the Resource properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and paste the value copied from Jenkins.

Copy configuration values from the Portnox tab to the Jenkins tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the Jenkins SAML SSO setup section.

  1. In the Portnox tab, in the SAML metadata section, click on the  ⧉  icon next to the text field to copy the value.

  2. In the Jenkins tab, click on the empty field under the Enter metadata URL label and paste the value copied from Portnox Cloud.

  3. Click on the Validate metadata URL button to validate the URL.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and Jenkins.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: Click on the Next button, and in the Policy enforcement section, in the Device risk assessment section, change the setting to Override with custom policy and then select a risk assessment policy if you want to assess risk with this application using a custom risk assessment policy, and in the Access control section, change the setting to Override with custom policy and then select an access control policy if you want to control access to this application using a custom access control policy.
    2. Scroll all the way down to the end of the page, and then click on the Add resource button.

  2. Finalize the configuration in the Jenkins tab.
    1. Click on the Save button in the bottom-right corner.

Result: You have configured your on-premises Jenkins installation to be accessible using Portnox Zero Trust Network Access.