
Andree Toonk for AWS Community Builders


Using Okta to Control Access to Your Docker Containers

This article was originally published on our blog at border0.com

Imagine you have a Docker host with various containers to which you need access. Depending on your scenario, that can be hard — very hard. Maybe your host is behind NAT, a firewall, in a private network, or even in a different region altogether. You need to access those containers, but security and logistics get in the way. What if you could access them securely, from anywhere, without the hassle?

In this blog, I’ll introduce a new type of Border0 service that makes it all possible. This new service is specifically designed for Docker hosts, making it easy to access your containers from anywhere without the hassle of VPNs or compromising on security. I’ll also demonstrate (video) how to add Okta to our setup, meaning we can access our containers securely using just our Okta credentials.

The Pain of Container Access

You’re not alone if you’re struggling with accessing your containers remotely. Many teams face the same issue: you need to access containers on a Docker host, but VPNs are a hassle and provide too much network access. You wish you could simply use your browser, on any device (computer or phone), to access them securely. But you can’t compromise on security — you need to control who has access without exposing your containers directly to the internet. It’s a challenging balance between security and convenience, and you’re stuck in the middle.

Introducing The Docker Service type in Border0

To address these challenges and help you with simple access to your containers from anywhere, we’ve added a new service (Socket) type specifically for Docker hosts. This new Border0 Socket is an SSH service, meaning it allows users to connect using SSH, and it comes with a new upstream type called ‘Docker Exec’.

With this new service type, you can now expose containers to authenticated users, who will see a list of all containers they are authorized to access. Administrators have the flexibility to filter which containers are visible to users, thus enhancing control over who has access to what containers.

Now, accessing your containers is as easy as logging into a web application, using your favorite SSH client, or using the Border0 web client. Anytime, anywhere and from any device!

Seamless Integration with your SSO providers

Using Border0, you can easily add SSO authentication to services that don’t typically support it — like SSH, Kubernetes, Docker, and databases like MySQL, Postgres, and Microsoft SQL. You’ll get seamless, out-of-the-box SSO integration with leading providers like Google, GitHub, Microsoft, and even passwordless magic email links — all at no extra cost.

For our premium users, we offer the flexibility to “bring your own identity provider”. This means you can connect your Okta Workforce, Google Workspace, or any SAML or OIDC provider to your Border0 account. This integration allows team members to access servers, containers, and databases using their existing enterprise credentials, ensuring a secure and seamless experience.

Built-in and Custom Identity providers

It gets better; you can synchronize your directory service — such as Okta, Google Workspace, or Microsoft Entra — with Border0, automatically importing users and groups from your enterprise directory. This allows you to create fine-grained access policies, ensuring that only authorized users — like those in your Okta group “SRE users” — can access specific resources, such as your Docker containers.

Demo time — See for Yourself How Easy It Is

Take a moment to watch the demo video below, which demonstrates the easy process of setting up Okta SSO and SCIM integration with Border0 and shows you how to use it to access your Docker containers.

This brief demo shows how Okta and Border0 work together to provide secure and user-friendly access to your Docker containers, enhancing security without adding complexity to your workflow.

Conclusion

With the introduction of the Docker service type in Border0, accessing your Docker containers remotely has now become a lot easier. This new service type allows users to connect securely to Docker containers from anywhere, using any device, and without the complexities of VPNs, enhancing both convenience and security. You can now:

  • Access your Docker containers from any location using just a web browser or CLI.

  • Use Single Sign-On (SSO) with familiar credentials from identity providers like Okta, GitHub, or Google.

  • Enjoy automatic directory synchronization and SCIM integration.

  • Maintain control over who can access your resources with highly customizable fine-grained access policies.

  • Benefit from session recording for enhanced oversight.

Start Your Free Trial Today!

Ready to simplify access to your infrastructure and Docker containers? Start your free Border0 trial today and streamline your Docker container access!
