Custom OIDC SSO

Follow the sections in this guide to set up Custom OIDC SSO.

priority_high

Important

Security requirements for your production environment:

DELETE the admin default account shipped by OM in case you had Basic Authentication enabled before configuring the authentication with Custom OIDC SSO.
UPDATE the Private / Public keys used for the JWT Tokens. The keys we provide by default are aimed only for quickstart and testing purposes. They should NEVER be used in a production installation.

Create Server Credentials

Go to the console of your preferred custom OIDC SSO provider

Create an OIDC client application with implicit flow enabled to get a client ID.

Create Client ID and Secret Key

Navigate to your preferred OIDC provider console and create an OIDC client application.

Generate client ID and secret key in JSON format.

After the applying these steps, you can update the configuration of your deployment:

Docker Security Configure Custom OIDC SSO for your Docker Deployment.

Bare Metal Security Configure Custom OIDC SSO for your Bare Metal Deployment.

Kubernetes Security Configure Custom OIDC SSO for your Kubernetes Deployment.

Configure Ingestion

After everything has been set up, you will need to configure your workflows if you are running them via the metadata CLI or with any custom scheduler.

When setting up the YAML config for the connector, update the workflowConfig as follows:

workflowConfig:
  openMetadataServerConfig:
    hostPort: 'http://localhost:8585/api'
    authProvider: custom-oidc
    securityConfig:
      clientId: '{your_client_id}'
      secretKey: '{your_client_secret}'
      domain: '{your_domain}'

Still have questions?

You can take a look at our Q&A or reach out to us in Slack