
Configure an environment

Environments define cloud storage containers where you can deploy user flow configuration and the Orchestrators that will read that configuration for your applications. Create environments (e.g. dev, test, staging, and production), configure cloud storage containers, and assign orchestrators to those environments.
For additional information on environment variables that can be used in the configuration, see Environment Variables.
Production environments should ensure shared storage solutions are secure. Please review our production recommendations for shared storage solutions.
  1. From the sidebar, click Environments, and click the + icon next to the type of storage you would like to configure. If you are creating an evaluation environment, skip to the next section.
  2. Configure the following:
General Settings
  • Name: A friendly name for your environment. For this example, let’s use AWS-staging.
  • Description: Additional description of the environment.
  • Production: This checkbox denotes that this will be used as a Production environment.
Orchestrator Settings
  • Cookie Domain: This field is optional and specifies the hosts to which the session cookie will be sent.
  • Max Lifetime Seconds: This field is optional and represents the maximum number of seconds that can elapse post-authentication before the session’s authentication state becomes invalid.
  • Orchestrator URL: This field is required when configuring the orchestrator as an OIDC or SAML provider.
  • Logout Endpoint: This optional field is the endpoint clients may call to trigger logout from all applications and IDPs.
  • Post-Logout Redirect URL: This field is optional and represents the URL to redirect the client to after the single logout process is complete.
  • Telemetry: When enabled, orchestrators send telemetry data to Maverics. You can view this on the Orchestrator Telemetry page. After you have started your Orchestrator, (re)publish a configuration; it can take up to 5-15 minutes to take effect. This option is turned on by default.
Additional configuration details
  • Additional configuration details will depend on the cloud storage environment you have selected. This usually includes bucket names, access keys, tokens, and configuration file paths. More information on these configuration details is presented later in this topic.
  3. Click Create.
  4. The details of your environment will appear on the next page. From here, download your public key and the Orchestrator appropriate for your operating system. Follow our instructions to install your Orchestrator.

Evaluation environment configuration

When you create an evaluation environment for testing, no additional configuration of the environment is necessary. The following steps occur behind the scenes:
  1. An AWS storage bucket will be created.
  2. The defaults for Orchestrator URL (https://localhost), logout URL (/logout), and other settings will be configured automatically. You can change these settings by clicking the Edit button in the top right hand side.
  3. An empty maverics.tar.gz file is then pushed to the cloud storage bucket so the orchestrator will start up successfully in case there is no user flow published yet.
  4. A downloadable bundle is created with a maverics.env file preconfigured to connect to this environment.
You can only have one evaluation environment at a time. After you create one, the option to create another is removed from the Environments right sidebar. This environment is provided for testing purposes only and may be deleted after 90 days of inactivity.

Amazon S3 configuration

Amazon S3 configuration requires the following details, which are set in the AWS console:
  • Bucket Name: The unique name of the bucket you've created in Amazon S3.
  • Role ARN: The ARN (Amazon Resource Name) of the IAM role. Instructions on creating and finding this value are detailed below.
  • External ID: The External ID of the role. Instructions on creating this ID are detailed below.
  • Region: The region of the bucket (for example, us-east-2)
  • Configuration File Path: The path within the S3 bucket that your configuration file will be uploaded to. Do not include the file name in this path.
To set the External ID and retrieve the Role ARN, you will need to create an IAM role.
  1. Go to IAM in the AWS Console.
  2. Under Access Management, go to Roles.
  3. Click Create Role.
  4. For Trusted entity type, select AWS account.
  5. Under An AWS account, select Another AWS account, and enter the Account ID shown under the Role ARN field in the Maverics UI.
  6. Check the box marked Require external ID, and enter an alphanumeric string of your choice. This is the same ID that you will use when configuring S3 in Maverics.
  7. Click Next.
  8. On the Add permissions page, click Create policy.
  9. On the Specify permissions page, click JSON to go to the JSON editor.
  10. Copy the code block below and paste it into the editor, replacing the <bucket's name> fields with the name of the bucket you've created:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Policy",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:ListBucket",
            "s3:DeleteObject"
          ],
          "Resource": [
            "arn:aws:s3:::<bucket's name>",
            "arn:aws:s3:::<bucket's name>/*"
          ]
        }
      ]
    }
  11. Click Next.
  12. Give the role a name and description and click Create Role.
  13. When you're redirected to the Roles page, click the role you've just created.
  14. On the Role page, the ARN can be found in the center column. Copy the entire ARN string and paste it into the Role ARN field in the environment configuration page of Maverics.
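To confirm that the role created in the steps above ended up as intended, its trust policy and permission policy can be exported and checked. The following is an added example, not Maverics or AWS code: the function names are hypothetical, and the account ID, external ID and bucket name are constructed placeholders. It flags a trust policy that lacks the external ID condition and a permission policy that grants more than the four actions on the one bucket.

```python
# Actions granted by the policy on this page; anything else is flagged.
ALLOWED_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject"}

def _as_list(value):
    # IAM accepts a single string wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def check_trust_policy(doc, account_id, external_id):
    """Findings for the role's trust policy; an empty list means it matches the steps."""
    findings = []
    for stmt in _as_list(doc["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for p in aws:
            if p not in (account_id, f"arn:aws:iam::{account_id}:root"):
                findings.append(f"unexpected principal: {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append("sts:ExternalId condition missing or different")
    return findings

def check_permission_policy(doc, bucket):
    """Findings for the permission policy: extra actions or resources outside the bucket."""
    findings = []
    expected = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in _as_list(doc["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        findings += [f"extra action: {a}" for a in _as_list(stmt.get("Action", []))
                     if a not in ALLOWED_ACTIONS]
        findings += [f"resource outside bucket: {r}" for r in _as_list(stmt.get("Resource", []))
                     if r not in expected]
    return findings

# Constructed samples: placeholder account ID, external ID and bucket name.
TRUST_OK = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
TRUST_NO_EXTERNAL_ID = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "sts:AssumeRole"}]}
PERMS_TOO_BROAD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:GetObject", "s3:*"], "Resource": "arn:aws:s3:::*"}]}

if __name__ == "__main__":
    print(check_trust_policy(TRUST_OK, "111122223333", "example-external-id"))
    print(check_trust_policy(TRUST_NO_EXTERNAL_ID, "111122223333", "example-external-id"))
    print(check_permission_policy(PERMS_TOO_BROAD, "example-config-bucket"))
```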

Microsoft Azure storage configuration

Microsoft Azure storage configuration requires the following details, which are set in the Azure portal:
  • Storage account name: The unique name of the storage account you've created in Azure.
  • Container name: The name of the container in your storage account.
  • SAS token: The query string that includes all of the information required to authenticate the SAS, as well as to specify the blob and permissions available for access, and the time interval over which the signature is valid. For instructions on how to generate a SAS token, see the Azure documentation. Note that this SAS token must be re-entered any time you make changes to your environment.
  • Configuration file path: The path within the blob storage that your configuration file will be uploaded to. Do not include any leading forward slashes (/) or the file name in this path.
We recommend generating two SAS tokens: one for writing configuration, and one for reading configuration. The first SAS token should be entered when creating the environment. When generating this SAS token, the following settings are necessary for Maverics to work:
  1. Signing method: select Account key
  2. Signing key: select Key 1
  3. Permissions: select Create, Add, and Write
  4. Start and expiry date/time: Move the expiration date out to a longer time frame at your discretion. The default is eight hours.
The second SAS token is used by the orchestrator to read remote configuration. When generating this SAS token, the following settings are necessary for the orchestrator to work:
  1. Signing method: select Account key
  2. Signing key: select Key 1
  3. Permissions: select List and Read
  4. Start and expiry date/time: Move the expiration date out to a longer time frame at your discretion. The default is eight hours.
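Before a SAS token is entered in the environment or handed to the orchestrator, its query string can be checked against the two permission sets described above. The following is an added example, not Maverics or Azure code: the function and constant names are hypothetical and the tokens are constructed. It reads the sp (signed permissions) and se (signed expiry) fields and reports permissions beyond the intended set, missing permissions, and expired tokens.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

# SAS permission letters for the selections named on this page.
WRITE_TOKEN_PERMS = set("caw")  # Create, Add, Write: token entered in the environment
READ_TOKEN_PERMS = set("rl")    # Read, List: token used by the orchestrator

def check_sas(token, expected_perms, now):
    """Return findings for a SAS query string; an empty list means it matches."""
    fields = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    findings = []
    granted = set(fields.get("sp", ""))
    if granted - expected_perms:
        findings.append("extra permissions: " + "".join(sorted(granted - expected_perms)))
    if expected_perms - granted:
        findings.append("missing permissions: " + "".join(sorted(expected_perms - granted)))
    expiry = fields.get("se")
    if expiry is None:
        findings.append("no expiry (se) field")
    else:
        expires_at = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        if expires_at.tzinfo is None:  # date-only values carry no offset; SAS times are UTC
            expires_at = expires_at.replace(tzinfo=timezone.utc)
        if expires_at <= now:
            findings.append("expired at " + expiry)
    if "sig" not in fields:
        findings.append("no signature (sig) field")
    return findings

# Constructed tokens: every value, including the signature, is a placeholder.
READ_OK = "sp=rl&se=2030-01-01T00:00:00Z&spr=https&sig=CONSTRUCTED"
READ_TOO_BROAD = "?sp=rwdl&se=2030-01-01T00:00:00Z&spr=https&sig=CONSTRUCTED"
WRITE_EXPIRED = "sp=wac&se=2024-06-01T00%3A00%3A00Z&spr=https&sig=CONSTRUCTED"
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock so results are repeatable

if __name__ == "__main__":
    for tok, perms in ((READ_OK, READ_TOKEN_PERMS), (READ_TOO_BROAD, READ_TOKEN_PERMS),
                       (WRITE_EXPIRED, WRITE_TOKEN_PERMS)):
        print(check_sas(tok, perms, NOW))
```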

GitHub storage configuration

GitHub configuration requires the following details:
  • Owner: Your GitHub organization name.
  • Repo: The name of your GitHub repo.
  • Token: The access token to your GitHub repo. This token must be entered any time this environment is updated.
  • Configuration File Path: The path to the configuration file in your GitHub repo.
See the GitHub topic, Creating a fine-grained personal access token, for more information on how to retrieve the token to your repo.

Google Cloud Storage configuration

  • Bucket Name: The bucketName of your environment.
  • Configuration File Path: The path to the configuration file within your Google Cloud bucket.

GitLab configuration

  • Namespace: Your GitLab organization name.
  • Repo: The name of your GitLab repo.
  • Branch: The name of your branch in the GitLab repo.
  • Token: The access token to your GitLab repo. This token must be entered any time this environment is updated.
  • Configuration File Path: The path to the configuration file within your GitLab repo.
See the GitLab documentation for information on creating personal access tokens with permissions for reading repository contents. Alternatively, a project access token can be created. The minimum required scope is "read_repository".