At any time after the initial setup screen during installation, you can modify the system-wide configuration from the Admin page on the dashboard.

License Management

You can view the current license details in the License section on the Admin page, and upload a new license file if you'd like to replace the currently installed license.


The configuration section allows you to customize various settings that affect the entire installation.


By default Coder comes with a built in authentication provider. This is an email and password based authentication method that is built into the platform.

SAML Authentication

Another authentication option that's bundled with the platform is SAML 2.0. The fields required for setting this up can be summarized as follows:

  • IDP Metadata URL - This is the metadata URL that your SAML identity provider can be accessed on to get the XML containing information such as the EntityID, Endpoints, the public x.509 cert, etc. for the identity provider.
  • Public Certificate - This is the public x.509 certificate for Coder as a Service Provider, this should be used as the signing and encryption certificate for your IdP.
  • Private Key - This is used to encrypt, decrypt, and sign requests and responses between Coder and your identity provider. This should be kept private to the Coder service and shouldn't be shared.
  • Signature Algorithm - This is the algorithm used by both Coder and your identity provider to sign requests.
  • Name ID Format - This is the SAML name id format that the user's information is returned as.

The routes for the Coder Enterprise SAML Service Provider are:

  • /auth/saml/metadata (GET) - Returns the XML metadata representing the service provider.
  • /auth/saml/login (GET) - Builds the AuthnRequest and redirects to the identity provider to initiate the authentication flow.
  • /auth/saml/acs (POST) - Handles the assertion consumer service callback sent through the browser from the identity provider.
  • /auth/saml/logout (POST) - Handles logging out the user and clears the session token.

External URL

The external URL should be set to the externally accessible URL for the installation, i.e. the URL that you access the installation from in your browser.

Enabling Docker within Environments

By default, environments are run as unprivileged, preventing them from certain capabilities such as accessing the docker daemon. By enabling privileged environments, the environment will be deployed with a sidecar container running a docker daemon that is running as privileged. The environment will have all of the proper environment variables set to interact directly with the docker daemon running in the sidecar as long as the environment has the docker client installed.

While this feature can offer a great deal of convenience to a user's workflow, it is also at risk of being exploited by a malicious user and should be enabled with caution.

Note that changing this setting does not affect running environments. In order for the new setting to take effect, all running environments should be rebuilt.

To enable this feature, select "Enable Privileged Environments" in the admin console.

Table of Contents