Cookbook - Jenkins
Jenkins is an open source automation server which enables developers to reliably build, test, and deploy their software. As a Banyan Administrator, you can securely expose and protect your team’s Jenkins automation server.
- Created the application integration called “Banyan TrustProvider” following our instructions to set up an IdP as your Identity Provider.
- Installed a Banyan Access Tier in the same network segment as the server to be exposed using Banyan.
- Installed the latest Banyan App on your desktop machine, and registered with a valid organization.
Step 1. Create a Policy
2.1 Log in to the Banyan Command Center and navigate to Secure Access > Policies > Create New Policy.
1.2 Create a new Policy using the template Basic Authorization Policy for Users.
1.3 Enter a Policy Name (such as,
hosted-service) and a Description.
1.4 Configure the Policy Attributes for minimal controls:
- Specify this policy is intended for Web - for accessing HTTP services via web browser
- Only allow access from the following role: ANY
- Only allow users and devices with the following Trust Levels: No Trust Level - ignore TrustScore (or a Trust Level according to your organization’s security requirements)
Step 2. Register Jenkins as a Hosted Service
2.1 Navigate to Manage Services > Hosted Services and then click + Register Service.
2.2 Select the template Standard Website.
2.3 Enter the Service Name (such as,
Jenkins) and Description (such as
Access to hosted Jenkins service).
2.4 Click Select an Icon, then search for and select the Jenkins icon.
2.5 Select the cluster where the applicable Access Tier is located.
2.6 Configure the Service Attributes:
- Enter the Service Domain Name of the Access Tier behind which the Jenkins service is deployed (such as,
jenkins.(Access Tier site domain name)) and leave the port as
- Set the enforcement model to Site-based (Access Tier) and then select the applicable Site (Access Tier).
- Enter the Backend Domain Name and Port.
- Enable TLS if Access Tier will be communicating to the backend web service using TLS.
2.7 Attach the policy we had previously created in Step 1.4, and then set enforcement mode to
2.8 Click Register Service.
Step 3. Navigate to Jenkins and log in to your IdP
3.1 Now, you can navigate to Jenkins and authenticate via your IdP.
You will be taken to your Identity Provider to login while, behind the scenes, Banyan is evaluating device posture and enforcing your security policies.
Add Source IP Exception
If your organization hosts software development and version control in a repo platform (such as GitLab or GitHub) and needs to trigger automated builds in Jenkins via webhooks, create a custom service to configure source IP exceptions.
In this scenario, the git repo indicates to Jenkins there has been a commit update. With source IP exceptions configured, Banyan Access Tiers will skip authentication of the request and begin the automated build proceeds without any end-user authentication or interaction.
When configuring the custom service’s Service Attributes, set the
enabled flag to
true. Then, set the
source_cidrs to the exact IP or CIDR range of the repo service.
Last modified: Sep 23, 2021