OIDC
OIDC
Integrate your organization’s Authorization Servers with Netdata to better manage your team’s access controls to Netdata Cloud.
Setup
Prerequisites
- Authorization Server with OIDC protocol supported
- A Netdata Cloud account
- Access to the Space as an Admin
- Space needs to be on a paid plan
Setting up Authorization Server
Your server should follow the full specification for OIDC. In order to integrate your Authorization Server with Netdata the creation of a client is required. Clients are applications and services that can request authentication of a user. The access settings for your client are the following:
| field | value |
|---|---|
| Root URL | `https://app.netdata.cloud/`` |
| Home/Initiate login URL | https://app.netdata.cloud/api/v2/auth/account/auth-server?iss={your-server-issuer-url}&redirect_uri=https://app.netdata.cloud/sign-in®ister_uri=https://app.netdata.cloud/sign-up/verify |
| Redirect URL | https://app.netdata.cloud/api/v2/auth/account/auth-server/callback |
Netdata Configuration Steps
- Click on the Space settings cog (located above your profile icon)
- Click on the User Management section and access Authentication and Authorization tab.
- On the OIDC card, click on Configure
- Fill in the required credentials:
- Issuer URL the Authorization Server Issuer URL, e.g.
https://my-auth-server.com/ - Client ID the Client ID from the created client
- Client Secret the Client Secret from the created client
- Authorization URL the Authorization Server authorization URL, e.g.
https://my-auth-server.com/openid-connect/auth - Token URL the Authorization Server token URL, e.g.
https://my-auth-server.com/openid-connect/token - User URL the Authorization Server user info URL, e.g.
https://my-auth-server.com/openid-connect/userinfo
- Issuer URL the Authorization Server Issuer URL, e.g.
Supported features
- SP-initiated SSO (Single Sign-On)
- IdP-initiated SSO
SP-initiated SSO
If you start your authentication flow from Netdata sign-in page please check these steps.