Enable OIDC authentication for Aiven for DataHub (Limited availability)
Use OpenID Connect (OIDC) to configure single sign-on (SSO) to your DataHub service with your identity provider.
You can use any OIDC-compliant provider, such as Auth0, Okta, Google Identity, or Azure AD. When OIDC is enabled, all users are redirected to SSO login by default.
Prerequisites
- An application created in your identity provider: Follow the DataHub OIDC prerequisites guide to create and register a Google Identity, Okta Identity, or Azure AD application.
  - To get the domain of your DataHub service for the redirect URIs, open the Aiven App that ends in -frontend and copy the Application URL.
- The client ID, client secret, and discovery URI for your OIDC provider: The DataHub OIDC prerequisites guide has instructions for getting these values from Azure AD, Google Identity, and Okta.
- Your DataHub service URL: To get the URL, copy the Application URL from the Connection information section.
Enable OIDC authentication
- In your DataHub service, go to the DataHub resources section.
- Open the Aiven App that ends in -frontend.
- In the Environment variables section, click Edit.
- On the Secrets tab, add a secret. For the Key enter AUTH_OIDC_CLIENT_SECRET and for the Value enter your client secret.
- On the Variables tab, add the following variables:

| Key | Value |
| --- | --- |
| AUTH_OIDC_ENABLED | true |
| AUTH_OIDC_CLIENT_ID | Your client ID. |
| AUTH_OIDC_DISCOVERY_URI | Your discovery URI. |
| AUTH_OIDC_BASE_URL | Your DataHub service URL. |

After adding the secrets, wait for the frontend container to redeploy before using the application.
To log in using username and password instead, add /login to the end of the DataHub application URL.
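
Before saving the values from the steps above, a short consistency check catches the common mistakes: the client secret pasted as a plain variable, a non-HTTPS URL, or a discovery URI that belongs to a different issuer than the document it returns. This is an added example, not Aiven or DataHub code; the function name, the sample hostnames and the sample discovery document are constructed, and the issuer check follows the OpenID Connect Discovery rule that the document is served at the issuer plus `/.well-known/openid-configuration`.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample values (not real): the Variables tab, the Secrets tab, and
# the JSON document the identity provider serves at the discovery URI.
SAMPLE_VARIABLES = {
    "AUTH_OIDC_ENABLED": "true",
    "AUTH_OIDC_CLIENT_ID": "example-client-id",
    "AUTH_OIDC_DISCOVERY_URI": "https://idp.example.com" + WELL_KNOWN,
    "AUTH_OIDC_BASE_URL": "https://datahub-frontend.example.com",
}
SAMPLE_SECRETS = {"AUTH_OIDC_CLIENT_SECRET": "example-client-secret"}
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
}

def is_https(url):
    parts = urlsplit(url or "")
    return parts.scheme == "https" and bool(parts.hostname)

def check_oidc_settings(variables, secrets, discovery):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    if variables.get("AUTH_OIDC_ENABLED") != "true":
        problems.append("AUTH_OIDC_ENABLED must be set to true")
    if not variables.get("AUTH_OIDC_CLIENT_ID"):
        problems.append("AUTH_OIDC_CLIENT_ID is empty")
    # The client secret belongs on the Secrets tab only, never in plain variables.
    if "AUTH_OIDC_CLIENT_SECRET" in variables:
        problems.append("AUTH_OIDC_CLIENT_SECRET is set as a plain variable")
    if not secrets.get("AUTH_OIDC_CLIENT_SECRET"):
        problems.append("AUTH_OIDC_CLIENT_SECRET is missing from Secrets")
    for key in ("AUTH_OIDC_DISCOVERY_URI", "AUTH_OIDC_BASE_URL"):
        if not is_https(variables.get(key)):
            problems.append(f"{key} must be an https URL")
    # A mismatch here means the URI and the issuer belong to different tenants or IdPs.
    issuer = str(discovery.get("issuer", "")).rstrip("/")
    if variables.get("AUTH_OIDC_DISCOVERY_URI") != issuer + WELL_KNOWN:
        problems.append("issuer does not match AUTH_OIDC_DISCOVERY_URI")
    for name in ENDPOINTS:
        if not is_https(discovery.get(name)):
            problems.append(f"discovery document: {name} must be an https URL")
    return problems

if __name__ == "__main__":
    found = check_oidc_settings(SAMPLE_VARIABLES, SAMPLE_SECRETS, SAMPLE_DISCOVERY)
    print("\n".join(found) or "settings are consistent")
```

To check real values, pass the JSON fetched from your discovery URI as the third argument in place of the sample document.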