OpenID

OpenID Connect (OIDC) provider configuration

Semaphore supports authentication via OpenID Connect (OIDC).

Example of SSO provider configuration:

{
  "oidc_providers": {
    "mysso": {
      "display_name": "Sign in with MySSO",
      "color": "orange",
      "icon": "login",
      "provider_url": "https://mysso-provider.com",
      "client_id": "***",
      "client_secret": "***",
      "redirect_url": "https://your-domain.com/api/auth/oidc/mysso/redirect"
    }
  }
}

All SSO provider options:

| Parameter | Description |
| --- | --- |
| display_name | Provider name that is displayed on the Login screen. |
| icon | MDI icon that is displayed before the provider name on the Login screen. |
| color | Provider name that is displayed on the Login screen. |
| client_id | Provider client ID. |
| client_id_file | The path to the file where the provider's client ID is stored. Has lower priority than client_id. |
| client_secret | Provider client secret. |
| client_secret_file | The path to the file where the provider's client secret is stored. Has lower priority than client_secret. |
| redirect_url | |
| provider_url | |
| scopes | |
| username_claim | Username claim expression*. |
| email_claim | Email claim expression*. |
| name_claim | Profile Name claim expression*. |
| order | Position of the provider button on the Sign in screen. |
| endpoint.issuer | |
| endpoint.auth | |
| endpoint.token | |
| endpoint.userinfo | |
| endpoint.jwks | |
| endpoint.algorithms | |

*Claim expression

Example of claim expression:

email | {{ .username }}@your-domain.com

Semaphore first tries to read the email claim. If it is empty, the expression that follows the | is evaluated instead.

The expression "username_claim": "|" generates a random username for each user who logs in through the provider.
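The following is an added example, not part of the Semaphore documentation or code: a small Python audit of an oidc_providers block against the options listed above. The sample config, the secret file path, and the assumption that every redirect_url follows the /api/auth/oidc/<provider>/redirect pattern seen in the page's example are constructed for illustration.

```python
import json
import os
import stat
from urllib.parse import urlsplit

# Constructed sample config; names, URLs and paths are placeholders.
SAMPLE = json.loads("""
{
  "oidc_providers": {
    "mysso": {
      "provider_url": "https://mysso-provider.com",
      "client_id": "semaphore",
      "client_secret": "inline-secret",
      "client_secret_file": "/run/secrets/oidc_secret",
      "redirect_url": "http://your-domain.com/api/auth/oidc/mysso/redirect"
    }
  }
}
""")


def audit_oidc(config):
    """Return a sorted list of (provider, finding) tuples."""
    findings = []
    for name, p in config.get("oidc_providers", {}).items():
        for key in ("client_id", "client_secret"):
            inline, path = p.get(key), p.get(key + "_file")
            if inline and path:
                # The *_file option has lower priority, so it is ignored here.
                findings.append((name, f"{key}_file is shadowed by inline {key}"))
            if key == "client_secret" and path and not inline and os.path.exists(path):
                mode = stat.S_IMODE(os.stat(path).st_mode)
                if mode & (stat.S_IRWXG | stat.S_IRWXO):
                    findings.append((name, f"{key}_file is accessible to group/other"))
        if p.get("client_secret"):
            findings.append((name, "client_secret is stored inline in the config"))
        for key in ("provider_url", "redirect_url"):
            if p.get(key) and urlsplit(p[key]).scheme != "https":
                findings.append((name, f"{key} does not use https"))
        # Assumption: the callback path follows the page's example pattern.
        expected = f"/api/auth/oidc/{name}/redirect"
        if p.get("redirect_url") and not urlsplit(p["redirect_url"]).path.endswith(expected):
            findings.append((name, f"redirect_url path does not end with {expected}"))
    return sorted(findings)


if __name__ == "__main__":
    for provider, finding in audit_oidc(SAMPLE):
        print(f"[{provider}] {finding}")
```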

Sign in screen

For each of the configured providers, an additional login button is added to the login page.
