Buildkite

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for Buildkite using SAML.

About Buildkite

Buildkite helps you create the best automation and collaboration tools for building and shipping software.

After integrating the Buildkite Application with Oracle Identity Cloud Service:

  • Users can access Buildkite using their Oracle Identity Cloud Service login credentials.
  • Users can start Buildkite using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the Buildkite app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage applications and users (Identity Domain Administrator or Application Administrator).
  • A Buildkite account with authorization rights to create an organization and to configure federated authentication.

Configuring the Buildkite App in Oracle Identity Cloud Service

Use this section to register and activate the Buildkite SaaS App, and then assign users to the application.

Prerequisite Step

An Organization should be created in Buildkite before you can register and activate the Buildkite application in Oracle Identity Cloud Service.

To create an organization:

  1. From the home page in Buildkite, click Organization, and then click Create New Organization.

  2. Type the Organization name, and then click Create Organization.

Registering and Activating the Buildkite App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Buildkite, and then click Add.

  4. In the App Details section, enter the organization name in the Organization field, and then click Next.

  5. Click Download IDCS Metadata.

    Tip: This file is used later during the Buildkite configuration in the "Configuring SSO for Buildkite" section.

  6. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  7. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the Buildkite App

  1. On the Buildkite SaaS Application page in Oracle Identity Cloud Service, select the Users tab, and then click Assign. The Assign Users window appears.

  2. Select the users that you want to assign to Buildkite, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the Buildkite application is assigned to the users that you selected.

Configuring SSO for Buildkite

To configure SSO for Buildkite, you must email the Oracle Identity Cloud Service metadata file that you downloaded to support@buildkite.com.

Verifying the Integration

Use this section to verify that SSO initiated from both Oracle Identity Cloud Service (IdP Initiated SSO) and Buildkite (SP Initiated SSO) works.

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the Buildkite application. Oracle Identity Cloud Service displays a shortcut to Buildkite under My Apps.

  3. Click Buildkite. The Buildkite home page appears.

  4. On the Buildkite home page, confirm that the user that is logged in is the same for both Buildkite and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from Buildkite

  1. Access the Buildkite login page, enter only the Email address, and then click the Login button that is provided for signing in via Oracle Identity Cloud Service.

    You are redirected to the Oracle Identity Cloud Service login page.

  2. Log in using credentials for a user that is assigned to the Buildkite SaaS Application. The Buildkite home page appears.

  3. On the Buildkite home page, confirm that the user that is logged in is the same for both Buildkite and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Buildkite works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Oracle Identity Cloud Service displays the message, “You are not authorized to access the app. Contact your System administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service Buildkite App and Buildkite is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then Buildkite.
  • Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The error occurs when the administrator revokes access for the user at the same time that the user is trying to access the Buildkite application using Oracle Identity Cloud Service.

Solution 2: Access the Oracle Identity Cloud Service administration console, select Applications, Buildkite, Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.