
Overview

The admin UI provides a comprehensive interface for managing SSO authentication providers. You can add, edit, disable, and remove providers without requiring server restarts or configuration file changes.

Prerequisites

  • AUTH_PROVIDERS_SOURCE=database environment variable configured
  • Admin access to the application
  • Identity provider credentials (client ID, client secret, etc.)

Accessing the admin UI

Navigate to the SSO providers management page in your admin dashboard:
https://your-domain.com/admin/sso-providers

Managing providers

Adding a new provider

  1. Click Add Provider
     Select the “Add Provider” button in the admin UI.
  2. Choose provider type
     Select the authentication protocol:
       • OIDC (OpenID Connect)
       • OAuth2
       • SAML 2.0
  3. Configure basic settings
     Enter the provider details:
       • Provider name: Display name for the login button
       • Provider ID: Unique identifier (lowercase, no spaces)
       • Enabled: Toggle to enable/disable the provider
  4. Enter credentials
     Add your identity provider credentials:
       • Client ID
       • Client secret (for OIDC/OAuth2)
       • Certificate (for SAML)
  5. Configure endpoints
     Specify the authentication endpoints:
       • Authorization URL
       • Token URL
       • User info URL (OIDC/OAuth2)
       • SSO URL (SAML)
  6. Set up role mapping
     Configure just-in-time provisioning:
       • Default roles for new users
       • Group-to-role mappings
       • Attribute mappings
  7. Save and test
     Save the provider configuration and test the login flow.

Editing an existing provider

  1. Select the provider
     Click on the provider you want to edit from the list.
  2. Update settings
     Modify any configuration fields as needed.
  3. Save changes
     Click “Save” to apply the updates immediately.
Changes to provider configuration take effect immediately without requiring a server restart.

Disabling a provider

You can temporarily disable a provider without deleting its configuration:
  1. Navigate to the provider settings
  2. Toggle the “Enabled” switch to off
  3. Save the changes
Disabled providers will not appear on the login page, but their configuration is preserved.

Deleting a provider

Deleting a provider will remove all its configuration. Users who authenticated with this provider will need to use alternative login methods.
To delete a provider:
  1. Select the provider from the list
  2. Click the “Delete” button
  3. Confirm the deletion

Provider configuration fields

Common fields (all providers)

| Field | Description | Required |
| --- | --- | --- |
| Provider name | Display name shown on login button | Yes |
| Provider ID | Unique identifier (alphanumeric, lowercase) | Yes |
| Enabled | Whether the provider is active | Yes |
| Icon URL | Custom icon for the login button | No |
| Button color | Custom color for the login button | No |

OIDC-specific fields

| Field | Description | Required |
| --- | --- | --- |
| Issuer URL | OIDC issuer/discovery endpoint | Yes |
| Client ID | OAuth2 client identifier | Yes |
| Client secret | OAuth2 client secret | Yes |
| Scopes | Space-separated list of scopes | No (default: openid profile email) |

OAuth2-specific fields

| Field | Description | Required |
| --- | --- | --- |
| Authorization URL | OAuth2 authorization endpoint | Yes |
| Token URL | OAuth2 token endpoint | Yes |
| User info URL | Endpoint to fetch user profile | Yes |
| Client ID | OAuth2 client identifier | Yes |
| Client secret | OAuth2 client secret | Yes |
| Scopes | Space-separated list of scopes | No |

SAML-specific fields

| Field | Description | Required |
| --- | --- | --- |
| SSO URL | SAML single sign-on endpoint | Yes |
| Entity ID | SAML entity identifier | Yes |
| Certificate | X.509 certificate for signature validation | Yes |
| Sign requests | Whether to sign SAML requests | No |
| Private key | Private key for signing requests | Conditional |
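
The field tables above can be turned into a pre-flight check to run on a provider definition before it is entered in the admin UI. This is an added example, not the application's own code: the snake_case key names and the `validate_provider` helper are assumptions, and the https requirement is an extra hardening check that the tables do not state.

```python
import re
from urllib.parse import urlparse

# Fields marked Required in the tables above; key names are assumed.
COMMON = ("provider_name", "provider_id", "enabled")
REQUIRED = {
    "oidc": ("issuer_url", "client_id", "client_secret"),
    "oauth2": ("authorization_url", "token_url", "user_info_url",
               "client_id", "client_secret"),
    "saml": ("sso_url", "entity_id", "certificate"),
}
DEFAULT_OIDC_SCOPES = "openid profile email"


def validate_provider(cfg):
    """Return a list of problems found in one provider config dict."""
    ptype = cfg.get("type")
    if ptype not in REQUIRED:
        return [f"unknown provider type: {ptype!r}"]
    problems = [f"missing required field: {key}"
                for key in COMMON + REQUIRED[ptype]
                if cfg.get(key) in (None, "")]
    # Provider ID: alphanumeric, lowercase, no spaces.
    pid = cfg.get("provider_id")
    if pid and not re.fullmatch(r"[a-z0-9]+", pid):
        problems.append("provider_id must be lowercase alphanumeric")
    # Added check (not stated on the page): every URL field must be https.
    for key, value in cfg.items():
        if key.endswith("_url") and value and urlparse(value).scheme != "https":
            problems.append(f"{key} is not https")
    if ptype == "oidc":
        scopes = (cfg.get("scopes") or DEFAULT_OIDC_SCOPES).split()
        if "openid" not in scopes:
            problems.append("scopes must include 'openid' for OIDC")
    # Private key is "Conditional"; read here as required when signing is on.
    if ptype == "saml" and cfg.get("sign_requests") and not cfg.get("private_key"):
        problems.append("sign_requests is on but private_key is empty")
    return problems


# Constructed sample: a SAML provider with four mistakes.
BAD_SAML = {
    "type": "saml", "provider_name": "Corp SAML", "provider_id": "Corp SAML",
    "enabled": False, "sso_url": "http://idp.example.com/sso",
    "entity_id": "urn:example:sp", "certificate": "", "sign_requests": True,
}

if __name__ == "__main__":
    print("\n".join(validate_provider(BAD_SAML)))
```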

Testing provider configuration

After configuring a provider, test the integration:
  1. Open test login
     Click the “Test Login” button in the provider settings.
  2. Authenticate
     Complete the authentication flow with your identity provider.
  3. Verify user data
     Check that user attributes are correctly mapped.
  4. Confirm role assignment
     Verify that roles are assigned based on your mapping configuration.

Best practices

  • Choose clear names like “Google Workspace” or “Okta Corporate” instead of generic names like “OIDC Provider 1”.
  • Always test a provider configuration before enabling it for all users.
  • Store client secrets and private keys securely. The admin UI encrypts sensitive fields in the database.
  • Regularly review SSO audit logs to detect authentication issues or security concerns.
  • Keep documentation of your group-to-role mappings for future reference.

Troubleshooting

Provider not appearing on login page

  • Verify the provider is enabled
  • Check that AUTH_PROVIDERS_SOURCE=database is set
  • Restart the application if you recently changed the environment variable

Authentication fails

  • Verify all endpoints are correct and accessible
  • Check that client ID and secret match your identity provider
  • Review audit logs for specific error messages
  • Ensure redirect URIs are configured in your identity provider

Users not getting correct roles

  • Review your role mapping configuration
  • Check the group claims sent by your identity provider
  • Verify attribute mappings are correct
  • Test with a known user account
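
To work through the role checks above offline, the following added example (not the application's own mapping code) models group-to-role resolution with exact matching and reports why a group from the identity provider did not map. The `groups` claim name, the `resolve_roles` helper and the sample data are assumptions.

```python
def resolve_roles(claims, group_claim, group_to_role, default_roles):
    """Map IdP groups to roles and explain any group that did not map.

    Returns (roles, notes). Only exact matches grant a role; near misses
    are reported in notes and never granted.
    """
    notes = []
    raw = claims.get(group_claim)
    if raw is None:
        notes.append(f"claim '{group_claim}' absent from token")
        groups = []
    elif isinstance(raw, str):
        # A single group may arrive as a bare string rather than a list.
        groups = [raw]
    else:
        groups = list(raw)
    roles = set(default_roles)
    lowered = {name.lower(): name for name in group_to_role}
    for group in groups:
        if group in group_to_role:
            roles.add(group_to_role[group])
        elif group.lower() in lowered:
            notes.append(f"'{group}' differs only in case from "
                         f"mapped group '{lowered[group.lower()]}'")
        else:
            notes.append(f"'{group}' has no mapping")
    return sorted(roles), notes


# Constructed sample: claims as decoded from a test login.
SAMPLE_CLAIMS = {"sub": "u1", "groups": ["Engineering", "admins", "contractors"]}
SAMPLE_MAPPING = {"engineering": "developer", "admins": "admin"}

if __name__ == "__main__":
    roles, notes = resolve_roles(SAMPLE_CLAIMS, "groups", SAMPLE_MAPPING, ["viewer"])
    print(roles)
    print("\n".join(notes))
```

A user who ends up with only the default roles and a note about a missing claim usually points at the identity provider's scope or claim configuration rather than at the mapping table.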
