OpenMetadata/openmetadata-docs/content/v1.6.x/deployment/security/custom-oidc/index.md

---
title: Custom OIDC SSO | OpenMetadata Security Integration
slug: /deployment/security/custom-oidc
collate: false
---

# Custom OIDC SSO

Follow the sections in this guide to set up Custom OIDC SSO.

{% note %}

Security requirements for your **production** environment:
- **DELETE** the admin default account shipped by OM in case you had [Basic Authentication](/deployment/security/basic-auth)
  enabled before configuring the authentication with Custom OIDC SSO.
- **UPDATE** the Private / Public keys used for the [JWT Tokens](/deployment/security/enable-jwt-tokens). The keys we provide
  by default are aimed only for quickstart and testing purposes. They should NEVER be used in a production installation.

{% /note %}

## Create Server Credentials

- Go to the console of your preferred custom OIDC SSO provider
- Create an OIDC client application with implicit flow enabled to get a client ID.

### Create Client ID and Secret Key

- Navigate to your preferred OIDC provider console and create an OIDC client application.
- Generate client ID and secret key in JSON format.

After the applying these steps, you can update the configuration of your deployment:

{% inlineCalloutContainer %}
  {% inlineCallout
    color="violet-70"
    icon="celebration"
    bold="Docker Security"
    href="/deployment/security/custom-oidc/docker" %}
    Configure Custom OIDC SSO for your Docker Deployment.
  {% /inlineCallout %}
  {% inlineCallout
    color="violet-70"
    icon="storage"
    bold="Bare Metal Security"
    href="/deployment/security/custom-oidc/bare-metal" %}
    Configure Custom OIDC SSO for your Bare Metal Deployment.
  {% /inlineCallout %}
  {% inlineCallout
    color="violet-70"
    icon="fit_screen"
    bold="Kubernetes Security"
    href="/deployment/security/custom-oidc/kubernetes" %}
    Configure Custom OIDC SSO for your Kubernetes Deployment.
  {% /inlineCallout %}
{% /inlineCalloutContainer %}

{% partial file="/v1.6/deployment/configure-ingestion.md" /%}
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`---`
Doc: SEO Title Updation (#21842) * Doc: SEO Title Updation * Doc: Data Discovery Gif Updation * Doc: SEO title updation * Doc: SEO Title Updation --------- Co-authored-by: “Rounak <“rounakpreet.d@deuexsolutions.com”> 2025-06-20 19:46:38 +05:30			`title: Custom OIDC SSO \| OpenMetadata Security Integration`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`slug: /deployment/security/custom-oidc`
DOCS - OSS deployment is flagged as Collate False (#17722) 2024-09-05 10:30:31 +02:00			`collate: false`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`---`

			`# Custom OIDC SSO`

			`Follow the sections in this guide to set up Custom OIDC SSO.`

			`{% note %}`

			`Security requirements for your production environment:`
			`- DELETE the admin default account shipped by OM in case you had [Basic Authentication](/deployment/security/basic-auth)`
			`enabled before configuring the authentication with Custom OIDC SSO.`
			`- UPDATE the Private / Public keys used for the [JWT Tokens](/deployment/security/enable-jwt-tokens). The keys we provide`
			`by default are aimed only for quickstart and testing purposes. They should NEVER be used in a production installation.`

			`{% /note %}`

			`## Create Server Credentials`

			`- Go to the console of your preferred custom OIDC SSO provider`
			`- Create an OIDC client application with implicit flow enabled to get a client ID.`

			`### Create Client ID and Secret Key`

			`- Navigate to your preferred OIDC provider console and create an OIDC client application.`
			`- Generate client ID and secret key in JSON format.`

			`After the applying these steps, you can update the configuration of your deployment:`

			`{% inlineCalloutContainer %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="celebration"`
			`bold="Docker Security"`
			`href="/deployment/security/custom-oidc/docker" %}`
			`Configure Custom OIDC SSO for your Docker Deployment.`
			`{% /inlineCallout %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="storage"`
			`bold="Bare Metal Security"`
			`href="/deployment/security/custom-oidc/bare-metal" %}`
			`Configure Custom OIDC SSO for your Bare Metal Deployment.`
			`{% /inlineCallout %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="fit_screen"`
			`bold="Kubernetes Security"`
			`href="/deployment/security/custom-oidc/kubernetes" %}`
			`Configure Custom OIDC SSO for your Kubernetes Deployment.`
			`{% /inlineCallout %}`
			`{% /inlineCalloutContainer %}`

DOCS - Use the right partials and images dirs for 1.6 (#18917) 2024-12-04 11:44:41 +01:00			`{% partial file="/v1.6/deployment/configure-ingestion.md" /%}`