OpenID Connect (OIDC) Authentication with Parseable

Parseable supports OpenID Connect (OIDC) authentication for secure access to all its functionality. Parseable uses the OpenID Connect discovery mechanism to connect to the identity provider: the OpenID server publishes its metadata at a well-known URL, typically https://server.com/.well-known/openid-configuration.

Prerequisites

Before you begin, make sure you have the following prerequisites:

  • A configured OIDC provider that provides group claims for each user. Parseable maps a user's group name to a role created in the instance.
  • Knowledge of your OIDC identity provider and its configuration details.

Environment Variables

To use OIDC authentication with Parseable, you need to set the following environment variables:

| Variable Name | Description |
|---|---|
| P_OIDC_CLIENT_ID | Your OIDC client identifier provided by your identity provider. |
| P_OIDC_CLIENT_SECRET | Your OIDC client secret provided by your identity provider. |
| P_OIDC_ISSUER | The OIDC issuer URL, typically provided by your identity provider. It points to the OIDC authorization server and should support the discovery protocol. |
| P_ORIGIN_URI | The URI where Parseable is hosted or accessible. This should be the base URL of your Parseable instance. |
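
A preflight check for the discovery metadata behind P_OIDC_ISSUER, added here as an example and not taken from Parseable's own code. The sample documents are constructed, idp.example.com is a placeholder, and the claim name `groups` is an assumption; substitute the claim your provider actually emits.

```python
from urllib.parse import urlsplit

# Metadata fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def discovery_url(issuer):
    """Discovery document URL for the value set in P_OIDC_ISSUER."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(issuer, doc, group_claim="groups"):
    """Return a list of problems; an empty list means the metadata looks usable."""
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in doc]
    # The published issuer must equal the configured one exactly; otherwise
    # the metadata may describe a different provider than the one intended.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {issuer!r}")
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(key)
        if isinstance(value, str) and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https: {value}")
    # claims_supported is optional metadata, so flag it only when it is
    # published and the group claim is absent from it.
    claims = doc.get("claims_supported")
    if claims is not None and group_claim not in claims:
        problems.append(f"claim {group_claim!r} not listed in claims_supported")
    return problems

# Constructed sample data (not output from a real provider).
ISSUER = "https://idp.example.com"
GOOD = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "claims_supported": ["sub", "email", "groups"],
}
# Trailing slash on issuer, plain-http JWKS, and no group claim advertised.
BAD = dict(GOOD, issuer=ISSUER + "/", jwks_uri="http://idp.example.com/keys",
           claims_supported=["sub", "email"])

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(ISSUER, doc) or "ok")
```

To run it against a live provider, load the JSON served at `discovery_url(issuer)` and pass the parsed dictionary as `doc`.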

Using OIDC with Parseable

To map a user group to a role in Parseable, you must first create that role on the Parseable instance. To create roles in Parseable, use the {{endpoint}}/api/v1/role/{name} endpoint. This endpoint allows you to define custom roles for users, granting them specific privileges and permissions within the application. Refer to the RBAC section for more details.

Once the roles are set up, your users can log in with SSO and all the permissions are granted immediately. Please note that per-user customization is not an option for OIDC users. It is recommended that you create a new role if such a case arises.