Security requirements for your **production** environment:
- **DELETE** the default admin account shipped by OM if you had [Basic Authentication](/deployment/security/basic-auth)
enabled before configuring authentication with Auth0 SSO.
- **UPDATE** the Private / Public keys used for the [JWT Tokens](/deployment/security/enable-jwt-tokens). The keys we provide
by default are intended only for quickstart and testing purposes. They should NEVER be used in a production installation.
{%important%}
This guide provides instructions on setting up OpenID Connect (OIDC) configuration for your application. OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol that allows clients to verify the identity of the end-user.
The configurations below apply to all SSO providers, including Google, Auth0, Okta, and Keycloak.
OpenMetadata sessions are currently stored **in-memory**, which may cause issues when using **OIDC authentication** in a multi-replica setup.
- If you are experiencing **authentication failures with "Missing state parameter" errors**, enabling **sticky sessions** can serve as a temporary workaround.