OpenID Connect
How to configure Bindplane to use OpenID Connect for Authentication
Changing the Authentication type on the Bindplane server will automatically remove all existing users and permissions. The first user to log in after the change will become an Organization Admin and owner of all existing Projects. Subsequent users will need to be re-invited to their respective projects.
1. Prerequisites
Before beginning, ensure you have the following:
An OpenID Connect (OIDC) provider configured and available.
OAuth2 Client ID and Client Secret from your OIDC provider.
2. Identity Provider Configuration
Each Identity Provider will have different steps for configuring an OIDC application. Below are details commonly needed for most configurations.
Bindplane uses an Authorization Code flow
Redirect URI: <remoteURL/webURL>/oidc/redirect
3. Bindplane Server Configuration
Configuration Steps
Open the Bindplane configuration file (by default at /etc/bindplane/config.yaml).
Add or modify the following OIDC configuration settings:
auth:
  type: oidc
  oidc:
    issuer: "https://your-oidc-provider.com"
    oauth2ClientID: "your-client-id"
    oauth2ClientSecret: "your-client-secret"
    scopes:
      - openid
      - profile
      - email
Replace the placeholder values:
issuer: Your OIDC provider's URL
oauth2ClientID: OAuth2 client ID from your OIDC provider
oauth2ClientSecret: OAuth2 client secret from your OIDC provider
Restart Bindplane to apply the changes:
systemctl restart bindplane
Environment Variables
The same settings can also be provided using environment variables:
BINDPLANE_OIDC_OAUTH2_CLIENT_ID=your-client-id
BINDPLANE_OIDC_OAUTH2_CLIENT_SECRET=your-client-secret
BINDPLANE_OIDC_ISSUER=https://your-oidc-provider.com
BINDPLANE_OIDC_SCOPES=openid,profile,email
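A pre-flight check of the settings above against the provider's OIDC discovery document, as an added example (not Bindplane's own code). The function names, hostnames and sample values are assumptions constructed for illustration; the discovery document would normally be fetched from the URL that discovery_url() returns.

```python
# Added example: compare Bindplane OIDC settings with the provider's discovery
# metadata before restarting. All sample values below are constructed.
from urllib.parse import urlsplit

def discovery_url(issuer):
    # OIDC Discovery 1.0: metadata lives at <issuer>/.well-known/openid-configuration
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def redirect_uri(remote_url):
    # Redirect URI format given on this page: <remoteURL/webURL>/oidc/redirect
    return remote_url.rstrip("/") + "/oidc/redirect"

def check_oidc(cfg, metadata):
    """Return a list of problems; an empty list means the settings line up."""
    problems = []
    issuer = cfg.get("issuer", "")
    if urlsplit(issuer).scheme != "https":
        problems.append("issuer must be an https URL")
    # The advertised issuer must equal the configured one exactly (trailing slash included).
    if metadata.get("issuer") != issuer:
        problems.append("issuer mismatch: provider advertises %r" % metadata.get("issuer"))
    # Bindplane uses the Authorization Code flow, so "code" must be offered.
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("provider does not offer response_type 'code'")
    scopes = cfg.get("scopes", [])
    if "openid" not in scopes:
        problems.append("scopes must include 'openid'")
    supported = metadata.get("scopes_supported")
    if supported is not None:  # scopes_supported is optional in discovery metadata
        for s in scopes:
            if s not in supported:
                problems.append("scope %r not advertised by provider" % s)
    for key in ("oauth2ClientID", "oauth2ClientSecret"):
        if not cfg.get(key) or cfg[key].startswith("your-"):
            problems.append("%s is empty or still a placeholder" % key)
    return problems

# Constructed sample input: the oidc settings from this page with values filled in
SAMPLE_CFG = {"issuer": "https://idp.example.com", "oauth2ClientID": "bindplane-web",
              "oauth2ClientSecret": "constructed-secret", "scopes": ["openid", "profile", "email"]}
# Constructed discovery document, trimmed to the fields checked here
SAMPLE_METADATA = {"issuer": "https://idp.example.com",
                   "response_types_supported": ["code", "id_token"],
                   "scopes_supported": ["openid", "profile", "email"]}

if __name__ == "__main__":
    print(discovery_url(SAMPLE_CFG["issuer"]))
    print(redirect_uri("https://bindplane.example.com"))
    print(check_oidc(SAMPLE_CFG, SAMPLE_METADATA) or "OK")
```

An issuer mismatch (often just a trailing slash) is worth catching here, since changing the authentication type removes all existing users and permissions.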
4. User Enrollment
After configuration, users will be redirected to your OIDC provider for authentication when accessing Bindplane.
The first user account that logs in after configuration will be automatically created as the Organization Admin. Subsequent users will need to be invited or manually added to a Project before they are able to log in using OIDC. For more details on adding additional users see: