OpenID Connect

1. Prerequisites

Before beginning, ensure you have the following:

• An OpenID Connect (OIDC) provider configured and available.

• OAuth2 Client ID and Client Secret from your OIDC provider.

2. Identity Provider Configuration

Each Identity Provider will have different steps for configuring an OIDC application. Below are details commonly needed for most configurations.

• Bindplane uses an Authorization Code flow

• Redirect URI: <remoteURL/webURL>/oidc/redirect

3. Bindplane Server Configuration

Configuration Steps

1. Open the Bindplane configuration file (by default at /etc/bindplane/config.yaml).

2. Add or modify the following OIDC configuration settings:

auth:
  type: oidc
  oidc:
    issuer: "https://your-oidc-provider.com"
    oauth2ClientID: "your-client-id"
    oauth2ClientSecret: "your-client-secret"
    scopes:
      - openid
      - profile
      - email

1. Replace the placeholder values:

   • issuer: Your OIDC provider's URL

   • oauth2ClientID: OAuth2 client ID from your OIDC provider

   • oauth2ClientSecret: OAuth2 client Secret from your OIDC provider

2. Restart Bindplane to apply the changes:

systemctl restart bindplane

Environment Variables

The same settings can also be provided using environment vairables:

BINDPLANE_OIDC_OAUTH2_CLIENT_ID=your-client-id
BINDPLANE_OIDC_OAUTH2_CLIENT_SECRET=your-client-secret
BINDPLANE_OIDC_ISSUER=https://your-oidc-provider.com
BINDPLANE_OIDC_SCOPES=openid,profile,email

4. User Enrollment

After configuration, users will be redirected to your OIDC provider for authentication when accessing Bindplane.

The first user account that logs in after configuration will be automatically created as the Organization Admin. Subsequent users will need to be invited or manually added to a Project before they are able to login using OIDC. For more details on adding additional users see:

• Invite Users to a Project

• Add Users using the Bindplane CLI