The Authentication tab allows you to choose how your users log in and gain access to Coder. Currently, you can choose between Built-In Authentication and OpenID Connect.

Built-In Authentication

Built-in authentication allows you (or any admin) to manually create users, who then log in with their email address and temporary password. Coder will ask them to change their password after they log in the first time.

OpenID Connect

The OpenID Connect (OIDC) option allows you to defer identity management to the OIDC provider of your choice.

Set up authentication via OIDC

Before proceeding, you'll need to register a Coder application with your OIDC Provider. You'll need to provide a domain name for the OIDC token callback; use https://coder.my-company.com/oidc/callback.

Once you've done this, you'll need to complete the setup process in Coder. On the Authentication tab, provide the following parameters:

  • Client ID: The client ID for the Coder application you registered with the OIDC provider
  • Client Secret: The secret assigned to the Coder application you registered with the OIDC provider
  • Issuer (e.g., https://my-idp.com/realm/my-org): The URL where Coder can find your OIDC provider's configuration document

If you do not have values for any of these parameters, you can obtain them from your OIDC provider.

Change the authentication method

You can change the authentication method by which a user logs into their Coder account.

To do so, go to Manage > Users. Find the user whose authentication type you want to change, and use the Auth Type to toggle between Built-In and OpenID Connect.

See an opportunity to improve our docs? Make an edit.