SSO Login (Authentik)¶
Authentik is our single sign-on (SSO) platform. It provides one login for all CWIQ applications.
Accessing the SSO Dashboard¶
- Ensure Tailscale is connected
- Open sso.shared.cwiq.io
- Click Sign in with Google
- Use your
@cwiq.ioGoogle account
Your Application Dashboard¶
After signing in, you'll see a dashboard with all applications assigned to your team. Click any application icon to launch it — you'll be automatically authenticated.
Team-Based Access¶
Your applications are determined by your team assignment:
| Team | Example Applications |
|---|---|
| DevOps | GitLab, Vault, Grafana, AWS, Icinga, SonarQube, DefectDojo |
| Software Engineering | GitLab, Vault, Grafana, SonarQube, DefectDojo |
| DataOps | GitLab, Vault, Grafana |
| Research | GitLab, Vault |
| Service Desk | GitLab, Taiga |
All teams get access to GitLab and Vault as a baseline.
Troubleshooting¶
"Unable to reach sso.shared.cwiq.io"¶
- Verify Tailscale is connected (
tailscale status) - Try refreshing the page
"Access denied" after Google sign-in¶
- Your account may not be provisioned yet — contact your admin
- Ensure you're using your
@cwiq.ioaccount, not a personal Google account
Application shows "Forbidden"¶
- Your team may not have access to that application
- Contact your admin to request access via the Manage App Access workflow