OpenMetadata/openmetadata-docs/content/v1.6.x/deployment/security/auth0/kubernetes.md

---
title: Auth0 SSO for Kubernetes
slug: /deployment/security/auth0/kubernetes
collate: false
---

# Auth0 SSO for Kubernetes

Check the Helm information [here](https://artifacthub.io/packages/search?repo=open-metadata).
Check the more information about environment variable [here](/deployment/security/configuration-parameters).

Here is an example for reference, showing where to place the values in the `values.yaml` file after setting up your Auth0 account and obtaining the application credentials.

{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}

```implicit
# Public Flow

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:  # john.doe from john.doe@example.com
      - "admin"
      - "user1"
      - "user2"
      principalDomain: "open-metadata.org"  # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).     

    authentication:
      clientType: public
      provider: "auth0"
      publicKeys: 
      - "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
      - "{Auth0 Domain Name}/.well-known/jwks.json"
      authority: "{Your Auth0 Domain}"  # The base URL of the authentication provider.      
      clientId: "{Client ID}"
      callbackUrl: "http://localhost:8585/callback"
```

```authcode
# Auth Code Flow 

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"  
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"  
      initialAdmins:  # john.doe from john.doe@example.com
      - "admin"
      - "user1"
      - "user2"
      principalDomain: "open-metadata.org"  # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).  

    authentication:
      clientType: confidential 
      provider: "auth0" 
      publicKeys:  # List of URLs providing public keys for verifying JWT tokens.
        - "{Your Domain}/api/v1/system/config/jwks"    # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
        - "{Auth0 Domain Name}/.well-known/jwks.json
      authority: "{Your Auth0 Domain}"  # The base URL of the authentication provider.
      clientId: "{Client ID}"  # Update your Client ID
      callbackUrl: "http://localhost:8585/callback"
      oidcConfiguration:
        oidcType: "Auth0"  
        clientId:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-id  
        clientSecret:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-secret  
        discoveryUri: "{Domain name}/.well-known/openid-configuration"  # Update your Auth0 Domain
        callbackUrl: http://localhost:8585/callback  
        serverUrl: http://localhost:8585  
```

{% /codeWithLanguageSelector %}

{% partial file="/v1.6/deployment/configure-ingestion.md" /%}

{% inlineCalloutContainer %}
  {% inlineCallout
    color="violet-70"
    icon="MdArrowBack"
    bold="Auth"
    href="/deployment/security/auth0" %}
    Go to Auth0 Configuration
  {% /inlineCallout %}
{% /inlineCalloutContainer %}
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`---`
			`title: Auth0 SSO for Kubernetes`
			`slug: /deployment/security/auth0/kubernetes`
DOCS - OSS deployment is flagged as Collate False (#17722) 2024-09-05 10:30:31 +02:00			`collate: false`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`---`

			`# Auth0 SSO for Kubernetes`

			`Check the Helm information [here](https://artifacthub.io/packages/search?repo=open-metadata).`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`Check the more information about environment variable [here](/deployment/security/configuration-parameters).`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			Here is an example for reference, showing where to place the values in the `values.yaml` file after setting up your Auth0 account and obtaining the application credentials.

			`{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}`

			```implicit
			`# Public Flow`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00
			`openmetadata:`
			`config:`
			`authorizer:`
			`className: "org.openmetadata.service.security.DefaultAuthorizer"`
			`containerRequestFilter: "org.openmetadata.service.security.JwtFilter"`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`initialAdmins: # john.doe from john.doe@example.com`
			`- "admin"`
			`- "user1"`
			`- "user2"`
			`principalDomain: "open-metadata.org" # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).`

docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`authentication:`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`clientType: public`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`provider: "auth0"`
			`publicKeys:`
			`- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens`
			`- "{Auth0 Domain Name}/.well-known/jwks.json"`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`authority: "{Your Auth0 Domain}" # The base URL of the authentication provider.`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`clientId: "{Client ID}"`
			`callbackUrl: "http://localhost:8585/callback"`
			```

feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			```authcode
			`# Auth Code Flow`

			`openmetadata:`
			`config:`
			`authorizer:`
			`className: "org.openmetadata.service.security.DefaultAuthorizer"`
			`containerRequestFilter: "org.openmetadata.service.security.JwtFilter"`
			`initialAdmins: # john.doe from john.doe@example.com`
			`- "admin"`
			`- "user1"`
			`- "user2"`
			`principalDomain: "open-metadata.org" # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).`

			`authentication:`
			`clientType: confidential`
			`provider: "auth0"`
			`publicKeys: # List of URLs providing public keys for verifying JWT tokens.`
			`- "{Your Domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens`
			`- "{Auth0 Domain Name}/.well-known/jwks.json`
			`authority: "{Your Auth0 Domain}" # The base URL of the authentication provider.`
			`clientId: "{Client ID}" # Update your Client ID`
			`callbackUrl: "http://localhost:8585/callback"`
			`oidcConfiguration:`
			`oidcType: "Auth0"`
			`clientId:`
			`secretRef: oidc-secrets`
			`secretKey: openmetadata-oidc-client-id`
			`clientSecret:`
			`secretRef: oidc-secrets`
			`secretKey: openmetadata-oidc-client-secret`
			`discoveryUri: "{Domain name}/.well-known/openid-configuration" # Update your Auth0 Domain`
			`callbackUrl: http://localhost:8585/callback`
			`serverUrl: http://localhost:8585`
			```

			`{% /codeWithLanguageSelector %}`

DOCS - Use the right partials and images dirs for 1.6 (#18917) 2024-12-04 11:44:41 +01:00			`{% partial file="/v1.6/deployment/configure-ingestion.md" /%}`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30
			`{% inlineCalloutContainer %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="MdArrowBack"`
			`bold="Auth"`
			`href="/deployment/security/auth0" %}`
			`Go to Auth0 Configuration`
			`{% /inlineCallout %}`
			`{% /inlineCalloutContainer %}`