OpenMetadata/openmetadata-docs/content/v1.8.x-SNAPSHOT/deployment/security/auth0/bare-metal.md

---
title: Auth0 SSO for Bare Metal
slug: /deployment/security/auth0/bare-metal
collate: false
---

# Auth0 SSO for Bare Metal

## Update conf/openmetadata.yaml


In `openmetadata.yaml` file and use the following example as a reference. Replace the placeholder values with the details generated during your Auth0 account and application credentials setup.

Check the more information about environment variable [here](/deployment/security/configuration-parameters).


{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}
```implicit
# Implicit Flow Configuration
authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:                          
    - "admin"                                               # Administrator email prefix (e.g., "admin" from "admin@domain.com")
    - "user1"                                               # Additional administrator email prefix
    - "user2"                                               # Additional administrator email prefix
  principalDomain: "open-metadata.org"                      # Primary domain for your organization (e.g., "yourdomain.com") 
      principalDomain: "open-metadata.org"  # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).  
authenticationConfiguration:
  provider: "auth0"                                         # Authentication provider, set to "auth0"
  publicKeyUrls:                           
    - "https://{Auth0 Domain Name}/.well-known/jwks.json"   # Replace {Auth0 Domain Name} with your Auth0 domain
    - "{Your OMD Server URL}/api/v1/system/config/jwks"     # Replace {Your OMD Server URL} with your OpenMetadata server URL
  authority: "https://{Your Auth0 Domain}"                  # Base URL of your Auth0 domain
  clientId: "{Client ID}"                                   # Auth0 Client ID for your application
  callbackUrl: "http://localhost:8585/callback"             # Callback URL for OpenMetadata authentication
  clientType: "public"                                      # Set to "public" for implicit flow
```
```authcode
# Auth Code Flow Configuration
authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:                          
    - "admin"                                                   # Administrator email prefix (e.g., "admin" from "admin@domain.com")
    - "user1"                                                   # Additional administrator email prefix
    - "user2"                                                   # Additional administrator email prefix
  principalDomain: "open-metadata.org"                          # Primary domain for your organization (e.g., "yourdomain.com")
authenticationConfiguration:
  provider: "auth0"                                             # Authentication provider, set to "auth0"
  publicKeyUrls:                           
    - "https://{Auth0 Domain Name}/.well-known/jwks.json"       # Replace {Auth0 Domain Name} with your Auth0 domain
    - "{Your OMD Server URL}/api/v1/system/config/jwks"         # Replace {Your OMD Server URL} with your OpenMetadata server URL
  authority: "https://{Your Auth0 Domain}"                      # Base URL of your Auth0 domain
  clientId: "{Client ID}"                                       # Auth0 Client ID for your application
  callbackUrl: "http://localhost:8585/callback"                 # Callback URL for OpenMetadata authentication
  clientType: "confidential"                                    # Set to "confidential" for auth code flow
  oidcConfiguration:
    id: "{Client ID}"                                           # Auth0 Client ID for your application
    type: "auth0"                                               # Ensure this matches your provider type
    secret: "{Client Secret}"                                   # Auth0 Client Secret for your application
    discoveryUri: "https://{Auth0 Domain Name}/.well-known/openid-configuration" 
                                                                # Discovery URI for OpenID configuration; replace {Auth0 Domain Name} with your Auth0 domain
    callbackUrl: "http://localhost:8585/callback"               # Callback URL for OpenMetadata authentication
                                                                
    serverUrl: "http://localhost:8585"                          # OpenMetadata server URL; update for production environments
```
{% /codeWithLanguageSelector %}

{% partial file="/v1.8/deployment/configure-ingestion.md" /%}

{% inlineCalloutContainer %}
  {% inlineCallout
    color="violet-70"
    icon="MdArrowBack"
    bold="Auth"
    href="/deployment/security/auth0" %}
    Go to Auth0 Configuration
  {% /inlineCallout %}
{% /inlineCalloutContainer %}