---
title: Custom OIDC SSO
slug: /deployment/security/custom-oidc
---
						
# Custom OIDC SSO

Follow the sections in this guide to set up Custom OIDC SSO.

<Collapse title="Create Server Credentials">

- Go to the console of your preferred custom OIDC SSO provider
- Create an OIDC client application with implicit flow enabled to get a client ID.

</Collapse>
						
### Create Client ID and Secret Key

- Navigate to your preferred OIDC provider console and create an OIDC client application.
- Generate client ID and secret key in JSON format.

<Collapse title="Create Service Account">

</Collapse>
						
After applying these steps, you can update the configuration of your deployment:
						
<InlineCalloutContainer>
  <InlineCallout
    color="violet-70"
    icon="celebration"
    bold="Docker Security"
    href="/deployment/security/custom-oidc/docker"
  >
    Configure Custom OIDC SSO for your Docker Deployment.
  </InlineCallout>
  <InlineCallout
    color="violet-70"
    icon="storage"
    bold="Bare Metal Security"
    href="/deployment/security/custom-oidc/bare-metal"
  >
    Configure Custom OIDC SSO for your Bare Metal Deployment.
  </InlineCallout>
  <InlineCallout
    color="violet-70"
    icon="fit_screen"
    bold="Kubernetes Security"
    href="/deployment/security/custom-oidc/kubernetes"
  >
    Configure Custom OIDC SSO for your Kubernetes Deployment.
  </InlineCallout>
</InlineCalloutContainer>
						
## Configure Ingestion

After everything has been set up, you will need to configure your workflows if you are running them via the
`metadata` CLI or with any custom scheduler.

When setting up the YAML config for the connector, update the `workflowConfig` as follows:

```yaml
workflowConfig:
  openMetadataServerConfig:
    hostPort: 'http://localhost:8585/api'
    authProvider: custom-oidc
    securityConfig:
      clientId: '{your_client_id}'
      secretKey: '{your_client_secret}'
      domain: '{your_domain}'
```
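A pre-flight check for the `workflowConfig` shown above, added here as an example and not part of OpenMetadata's code. It takes the already-parsed YAML as a Python mapping and reports a wrong `authProvider`, `securityConfig` values that are missing or still hold the `{your_...}` template placeholders, and a plain-http `hostPort` that points off-host. The function name and the choice of checks are assumptions of this example.

```python
"""Pre-flight check for the custom-oidc workflowConfig (added example)."""
import re
from urllib.parse import urlparse

REQUIRED = ("clientId", "secretKey", "domain")
# Matches values left over from the template, e.g. '{your_client_id}'.
PLACEHOLDER = re.compile(r"^\{your_[a-z_]+\}$")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def check_workflow_config(cfg: dict) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    server = (cfg.get("workflowConfig") or {}).get("openMetadataServerConfig") or {}

    if server.get("authProvider") != "custom-oidc":
        findings.append("authProvider is not 'custom-oidc'")

    sec = server.get("securityConfig") or {}
    for key in REQUIRED:
        value = sec.get(key)
        if not isinstance(value, str) or not value.strip():
            findings.append(f"securityConfig.{key} is missing or empty")
        elif PLACEHOLDER.match(value.strip()):
            findings.append(f"securityConfig.{key} still holds the template placeholder")

    url = urlparse(str(server.get("hostPort", "")))
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append("hostPort is not an http(s) URL")
    elif url.scheme == "http" and url.hostname not in LOOPBACK:
        # Authenticated API traffic would cross the network unencrypted.
        findings.append("hostPort uses plain http to a non-loopback host")
    return findings


# Constructed sample: the page's template as a parsed mapping, unedited.
TEMPLATE = {"workflowConfig": {"openMetadataServerConfig": {
    "hostPort": "http://localhost:8585/api",
    "authProvider": "custom-oidc",
    "securityConfig": {"clientId": "{your_client_id}",
                       "secretKey": "{your_client_secret}",
                       "domain": "{your_domain}"}}}}

if __name__ == "__main__":
    for finding in check_workflow_config(TEMPLATE):
        print("FINDING:", finding)
```

Run it on the parsed config before handing the file to the `metadata` CLI or a scheduler, and treat any finding as a reason to stop.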