OpenID Connect (OIDC) Authentication with Parseable
Parseable supports OpenID Connect (OIDC) authentication for secure access to all its functionality. Parseable uses the OpenID Connect discovery mechanism to connect to the identity provider. With discovery, an OpenID server publishes its metadata at a well-known URL, typically https://server.com/.well-known/openid-configuration
Prerequisites
Before you begin, make sure you have the following prerequisites:
- A configured OIDC provider that provides group claims for each user. Parseable maps a user's group name to a role created in the instance.
- Knowledge of your OIDC identity provider and its configuration details.
Environment Variables
To use OIDC authentication with Parseable, you need to set the following environment variables:
Variable Name | Description |
---|---|
P_OIDC_CLIENT_ID | Your OIDC client identifier provided by your identity provider. |
P_OIDC_CLIENT_SECRET | Your OIDC client secret provided by your identity provider. |
P_OIDC_ISSUER | The OIDC issuer URL, typically provided by your identity provider. It points to the OIDC authorization server, which should support the discovery protocol. |
P_ORIGIN_URI | The URI where Parseable is hosted or accessible. This should be the base URL of your Parseable instance. |
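Before setting P_OIDC_ISSUER, it is worth confirming that the provider's discovery document is usable. The following is an added example, not Parseable's own code: it derives the well-known URL from an issuer and checks a discovery document for the required endpoints, HTTPS, an exact issuer match, and an advertised group claim. The sample document, the idp.example.com host and the claim name "groups" are assumptions made for the illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample discovery document; idp.example.com is a placeholder.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com/realms/logs",
    "authorization_endpoint": "https://idp.example.com/realms/logs/auth",
    "token_endpoint": "https://idp.example.com/realms/logs/token",
    "jwks_uri": "https://idp.example.com/realms/logs/certs",
    "claims_supported": ["sub", "email", "groups"],
})
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer):
    """Well-known metadata URL derived from the issuer (the P_OIDC_ISSUER value)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(configured_issuer, raw_json, group_claim="groups"):
    """Return a list of problems; an empty list means the document looks usable."""
    try:
        doc = json.loads(raw_json)
    except ValueError:
        return ["not valid JSON"]
    if not isinstance(doc, dict):
        return ["not a JSON object"]
    problems = []
    for key in REQUIRED:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"missing {key}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{key} is not https")
    # OIDC Discovery requires the published issuer to equal the issuer the
    # client was configured with; a mismatch means the wrong or a spoofed document.
    if doc.get("issuer") != configured_issuer:
        problems.append("issuer mismatch")
    # claims_supported is optional metadata, so only flag it when present.
    # The claim name "groups" is an assumption; use your provider's name.
    claims = doc.get("claims_supported")
    if isinstance(claims, list) and group_claim not in claims:
        problems.append(f"{group_claim} claim not advertised")
    return problems


if __name__ == "__main__":
    issuer = "https://idp.example.com/realms/logs"
    print(discovery_url(issuer))
    print(check_discovery(issuer, SAMPLE_DISCOVERY) or "ok")
```

To check a real provider, fetch the URL returned by discovery_url() and pass the response body to check_discovery() together with the exact value you plan to use for P_OIDC_ISSUER.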
Using OIDC with Parseable
To map a user group to a role in Parseable, you must first create that role on the Parseable instance. To create roles in Parseable, you can use the {{endpoint}}/api/v1/role/{name} endpoint. This endpoint allows you to define custom roles for users, granting them specific privileges and permissions within the application. Refer to the RBAC section for more details.
Once the roles are set up, your users can log in with SSO and all the permissions will be granted immediately. Please note that per-user customization is not an option for OIDC users. It is recommended that you create a new role if such a case arises.