Set OIDC settings

POST /api/admin/auth/oidc/settings

Configure OpenID Connect as a login provider for Unleash.

Request

Body (required)

oidcSettingsSchema

    oneOf

    enabled boolean required

    Whether to enable or disable OpenID Connect for this instance.

    Possible values: [true]

    Example: true

    discoverUrl uri

    Example: https://myoidchost.azure.com/.well-known/openid-configuration

    clientId string required

    The OIDC client ID of this application.

    Example: FB87266D-CDDB-4BCF-BB1F-8392FD0EDC1B

    secret string required

    Shared secret from the OpenID server. Used to authenticate login requests.

    Example: qjcVfeFjEfoYAF3AEsX2IMUWYuUzAbXO

    autoCreate boolean

    Automatically create users based on email addresses from login tokens.

    enableSingleSignOut boolean

    Support single sign-out when a user clicks logout in Unleash. If true, the user is signed out of all OpenID Connect sessions they may have active against the clientId.

    defaultRootRole string

    Default role granted to users auto-created from email. Only relevant if autoCreate is true.

    Possible values: [Viewer, Editor, Admin]

    defaultRootRoleId number

    Assign this root role to auto-created users. Should be a role ID and takes precedence over defaultRootRole.

    Example: 2

    emailDomains string

    Comma-separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true.

    Example: getunleash.io,getunleash.ai

    acrValues string

    Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space separated. Consult the OIDC reference for more information.

    Example: urn:okta:loa:2fa:any phr

    idTokenSigningAlgorithm string

    The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.

    Possible values: [RS256, RS384, RS512]

    Example: RS256

    enableGroupSyncing boolean

    Whether to enable group syncing. Refer to the Group syncing documentation.

    Example: false

    groupJsonPath string

    Specifies the path in the OIDC token response from which to read the groups the user belongs to.

    Example: groups

    addGroupsScope boolean

    When enabled, Unleash will also request the 'groups' scope as part of the login request.

    Example: false
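
A pre-flight review of the request body described above, as an added example that is not part of the Unleash documentation or code base. Field names and allowed values come from the schema on this page; the function name `lint_oidc_settings`, the review rules (https discovery URL, flagging autoCreate without emailDomains or with an Admin default) and the sample body are assumptions of this example.

```python
from urllib.parse import urlparse

# Names/values follow the page's schema; the review rules are this example's assumptions.
REQUIRED = ("enabled", "clientId", "secret")
ROLES = {"Viewer", "Editor", "Admin"}
ALGS = {"RS256", "RS384", "RS512"}


def lint_oidc_settings(s: dict) -> list:
    """Return review findings for a request body before it is POSTed."""
    findings = [f"missing required field: {k}" for k in REQUIRED if s.get(k) in (None, "")]
    url = s.get("discoverUrl")
    if url and urlparse(url).scheme != "https":
        findings.append("discoverUrl is not https")
    alg = s.get("idTokenSigningAlgorithm")
    if alg is not None and alg not in ALGS:
        findings.append(f"unsupported idTokenSigningAlgorithm: {alg}")
    role, role_id = s.get("defaultRootRole"), s.get("defaultRootRoleId")
    if role is not None and role not in ROLES:
        findings.append(f"unknown defaultRootRole: {role}")
    if role is not None and role_id is not None:
        findings.append("defaultRootRole is ignored: defaultRootRoleId takes precedence")
    # emailDomains is a single comma-separated string, not a list.
    domains = [d.strip() for d in (s.get("emailDomains") or "").split(",") if d.strip()]
    for d in domains:
        if "@" in d or " " in d or "." not in d:
            findings.append(f"malformed emailDomains entry: {d}")
    if s.get("autoCreate"):
        if not domains:
            findings.append("autoCreate is on with no emailDomains restriction")
        if role == "Admin" and role_id is None:
            findings.append("autoCreate assigns Admin as the default root role")
    return findings


# Constructed sample body; every value is a placeholder.
SAMPLE = {
    "enabled": True,
    "discoverUrl": "http://idp.example.test/.well-known/openid-configuration",
    "clientId": "example-client-id",
    "secret": "example-secret",
    "autoCreate": True,
    "defaultRootRole": "Admin",
    "idTokenSigningAlgorithm": "HS256",
}

if __name__ == "__main__":
    for finding in lint_oidc_settings(SAMPLE):
        print(finding)
```

An empty result means the body passed this example's checks; it says nothing about whether the identity provider itself is configured correctly.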

Responses

oidcSettingsResponseSchema

Schema

    enabled boolean

    Whether to enable or disable OpenID Connect for this instance.

    Possible values: [true]

    Example: true

    discoverUrl uri

    Example: https://myoidchost.azure.com/.well-known/openid-configuration

    clientId string

    The OIDC client ID of this application.

    Example: FB87266D-CDDB-4BCF-BB1F-8392FD0EDC1B

    secret string

    Shared secret from the OpenID server. Used to authenticate login requests.

    Example: qjcVfeFjEfoYAF3AEsX2IMUWYuUzAbXO

    autoCreate boolean

    Automatically create users based on email addresses from login tokens.

    enableSingleSignOut boolean

    Support single sign-out when a user clicks logout in Unleash. If true, the user is signed out of all OpenID Connect sessions they may have active against the clientId.

    defaultRootRole string

    Default role granted to users auto-created from email. Only relevant if autoCreate is true.

    Possible values: [Viewer, Editor, Admin]

    defaultRootRoleId number

    Assign this root role to auto-created users. Should be a role ID and takes precedence over defaultRootRole.

    Example: 2

    emailDomains string

    Comma-separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true.

    Example: getunleash.io,getunleash.ai

    acrValues string

    Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space separated. Consult the OIDC reference for more information.

    Example: urn:okta:loa:2fa:any phr

    idTokenSigningAlgorithm string

    The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.

    Possible values: [RS256, RS384, RS512]

    Example: RS256

    enableGroupSyncing boolean

    Whether to enable group syncing. Refer to the Group syncing documentation.

    Example: false

    groupJsonPath string

    Specifies the path in the OIDC token response from which to read the groups the user belongs to.

    Example: groups

    addGroupsScope boolean

    When enabled, Unleash will also request the 'groups' scope as part of the login request.

    Example: false