Set OIDC settings

POST /api/admin/auth/oidc/settings

Configure OpenID Connect as a login provider for Unleash.

Request

Body

required

oidcSettingsSchema

    oneOf
  • enabled boolean required

    Possible values: [true]

    Whether to enable or disable OpenID Connect for this instance.

  • clientId string required

    The OIDC client ID of this application.

  • secret string required

    Shared secret from the OpenID server, used to authenticate login requests.

  • autoCreate boolean

    Automatically create users based on email addresses from login tokens.

  • enableSingleSignOut boolean

    Support single sign-out when the user clicks logout in Unleash. If true, the user is signed out of all OpenID Connect sessions they may have active against the clientId.

  • defaultRootRole string

    Possible values: [Viewer, Editor, Admin]

    Default role granted to users auto-created from email. Only relevant if autoCreate is true.

  • defaultRootRoleId number

    Assign this root role to auto-created users. Should be a role ID and takes precedence over defaultRootRole.

  • emailDomains string

    Comma-separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true.

  • acrValues string

    Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space-separated. Consult the OIDC reference for more information.

  • idTokenSigningAlgorithm string

    Possible values: [RS256, RS384, RS512]

    The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.

  • enableGroupSyncing boolean

    Whether to enable group syncing. Refer to the Group syncing documentation.

  • groupJsonPath string

    Specifies the path in the OIDC token response from which to read the groups the user belongs to.

  • addGroupsScope boolean

    When enabled, Unleash will also request the 'groups' scope as part of the login request.
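
A pre-flight check for a request body, written as an added example and not taken from Unleash's own code: it enforces the required fields and allowed values listed above and raises review prompts for the auto-create settings. The function name `reviewOidcSettings` and the sample payloads are assumptions constructed for illustration.

```javascript
// Added example: field names and allowed values come from the schema on this page.
const ROLES = ["Viewer", "Editor", "Admin"];
const ALGS = ["RS256", "RS384", "RS512"];

// Hypothetical helper: returns schema errors plus review prompts for a settings body.
function reviewOidcSettings(s) {
  const errors = [];
  const warnings = [];
  // Constraints stated by the schema.
  if (s.enabled !== true) errors.push("enabled must be true");
  for (const key of ["clientId", "secret"]) {
    if (typeof s[key] !== "string" || s[key].trim() === "") errors.push(`${key} is required`);
  }
  if (s.defaultRootRole !== undefined && !ROLES.includes(s.defaultRootRole)) {
    errors.push("defaultRootRole must be one of " + ROLES.join(", "));
  }
  if (s.idTokenSigningAlgorithm !== undefined && !ALGS.includes(s.idTokenSigningAlgorithm)) {
    errors.push("idTokenSigningAlgorithm must be one of " + ALGS.join(", "));
  }
  if (s.defaultRootRoleId !== undefined && typeof s.defaultRootRoleId !== "number") {
    errors.push("defaultRootRoleId must be a number");
  }
  // Review prompts: combinations an administrator should confirm before sending.
  const domains = (s.emailDomains || "").split(",").map((d) => d.trim()).filter(Boolean);
  const hasRole = s.defaultRootRole !== undefined || s.defaultRootRoleId !== undefined;
  if (s.autoCreate === true) {
    if (s.defaultRootRole === "Admin" && s.defaultRootRoleId === undefined) {
      warnings.push("auto-created users are granted the Admin root role");
    }
    if (domains.length === 0) {
      warnings.push("autoCreate is true but emailDomains is empty: confirm which domains are approved");
    }
  } else if (domains.length > 0 || hasRole) {
    warnings.push("emailDomains and defaultRootRole are only relevant if autoCreate is true");
  }
  if (s.defaultRootRole !== undefined && s.defaultRootRoleId !== undefined) {
    warnings.push("defaultRootRoleId takes precedence over defaultRootRole");
  }
  return { ok: errors.length === 0, errors, warnings };
}

// Constructed sample payloads (placeholder client ID and secret).
const base = { enabled: true, clientId: "unleash-example", secret: "placeholder-secret" };
const risky = { ...base, autoCreate: true, defaultRootRole: "Admin", idTokenSigningAlgorithm: "HS256" };
const reviewed = { ...base, autoCreate: true, defaultRootRole: "Viewer",
  emailDomains: "example.com, example.org", idTokenSigningAlgorithm: "RS256" };
console.log(reviewOidcSettings(risky));
console.log(reviewOidcSettings(reviewed));
```
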

Responses

oidcSettingsSchema

Schema
    oneOf
  • enabled boolean required

    Possible values: [true]

    Whether to enable or disable OpenID Connect for this instance.

  • clientId string required

    The OIDC client ID of this application.

  • secret string required

    Shared secret from the OpenID server, used to authenticate login requests.

  • autoCreate boolean

    Automatically create users based on email addresses from login tokens.

  • enableSingleSignOut boolean

    Support single sign-out when the user clicks logout in Unleash. If true, the user is signed out of all OpenID Connect sessions they may have active against the clientId.

  • defaultRootRole string

    Possible values: [Viewer, Editor, Admin]

    Default role granted to users auto-created from email. Only relevant if autoCreate is true.

  • defaultRootRoleId number

    Assign this root role to auto-created users. Should be a role ID and takes precedence over defaultRootRole.

  • emailDomains string

    Comma-separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true.

  • acrValues string

    Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space-separated. Consult the OIDC reference for more information.

  • idTokenSigningAlgorithm string

    Possible values: [RS256, RS384, RS512]

    The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.

  • enableGroupSyncing boolean

    Whether to enable group syncing. Refer to the Group syncing documentation.

  • groupJsonPath string

    Specifies the path in the OIDC token response from which to read the groups the user belongs to.

  • addGroupsScope boolean

    When enabled, Unleash will also request the 'groups' scope as part of the login request.