v0.22.x

© 2025 Distributional, Inc. All Rights Reserved.

OIDC Authentication

OIDC configuration options

The dbnl platform uses OpenID Connect (OIDC) for authentication. OIDC providers that are known to work with dbnl include:

  • Auth0

  • Microsoft Entra ID

  • Okta

Configuration

OIDC can be configured using the following options in the dbnl Helm chart or Terraform module:

  • audience

  • clientId

  • issuer

  • scopes

Instructions on how to get those options for each provider can be found below.

Auth0

  1. Follow the Auth0 instructions to create a new SPA (single page application).

    1. In Settings > Application URIs, add the dbnl deployment domain to the list of Allowed Callback URLs (e.g. dbnl.mydomain.com).

  2. Navigate to Settings > Basic Information and copy the Client ID as the OIDC clientId option.

  3. Navigate to Settings > Basic Information and copy the Domain and prepend with https:// to use as the OIDC issuer option (e.g. https://my-app.us.auth0.com/).

  4. Follow the Auth0 instructions to create a custom API.

    1. Use your dbnl deployment domain as the Identifier (e.g. dbnl.mydomain.com).

  5. Navigate to Settings > General Settings and copy the Identifier as the OIDC audience option.

  6. Set the OIDC scopes option to "openid profile email".

Microsoft Entra ID

  1. Follow the Microsoft Entra ID instructions to create a new SPA (single page application) and enable OIDC.

    1. Add the dbnl deployment domain as the callback URL (e.g. dbnl.mydomain.com).

  2. [Optional] Follow the Microsoft Entra ID instructions to restrict access to certain users.

  3. Navigate to App Registrations > (Application) > Manage > API permissions and add the Microsoft Graph email, openid and profile permissions to the application.

  4. Navigate to App Registrations > (Application) > Manage > Manifest and set access token version to 2.0 with "accessTokenAcceptedVersion": 2 .

  5. Navigate to App Registrations > (Application) > Manage > Token configuration > Add optional claim > Access > email to add the email optional claim to the access token type.

  6. Navigate to App Registrations > (Application) and copy the Application (client) ID (APP_ID) to be used as the OIDC clientId and OIDC audience options.

  7. Set the OIDC issuer option to https://login.microsoftonline.com/{APP_ID}/v2.0 .

  8. Set the OIDC scopes option to "openid email profile {APP_ID}/.default".

Okta

  1. Follow the Okta instructions to create a new SPA (single page application) and enable OIDC.

    1. Set the Sign-in redirect URIs to your dbnl domain (e.g. dbnl.mydomain.com).

  2. Navigate to General > Client Credentials and copy the Client ID to be used as the OIDC clientId option.

  3. Navigate to Sign on > OpenID Connect ID Token and copy the Issuer URL to be used as the OIDC issuer and OIDC audience options.

  4. Set the OIDC scopes option to "openid email profile".
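
A claim check for the options above, as an added example that is not part of the dbnl documentation or code base: it decodes an access token's payload without verifying the signature and compares iss and aud with the configured issuer and audience, plus the ver and email claims that the Microsoft Entra ID steps configure. The function names and the sample token are constructed for illustration, and treating an exact iss match and aud membership as the expected result is an assumption based on standard OIDC token validation, not a description of dbnl's own checks.

```python
import base64
import json


def decode_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def check_claims(claims, issuer, audience, entra=False):
    """Return a list of mismatches between token claims and the OIDC options."""
    problems = []
    if claims.get("iss") != issuer:  # exact match: a trailing slash matters
        problems.append("iss %r does not equal issuer %r" % (claims.get("iss"), issuer))
    aud = claims.get("aud")  # may be a single string or a list of strings
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud %r does not contain audience %r" % (aud, audience))
    if entra:
        if claims.get("ver") != "2.0":  # Entra step 4: accessTokenAcceptedVersion 2
            problems.append("ver %r is not '2.0'" % claims.get("ver"))
        if not claims.get("email"):  # Entra step 5: email optional claim
            problems.append("email claim is missing from the access token")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample, using the placeholder values shown in the Auth0 steps.
SAMPLE = make_sample_token({
    "iss": "https://my-app.us.auth0.com/",
    "aud": ["dbnl.mydomain.com"],
})

if __name__ == "__main__":
    claims = decode_claims(SAMPLE)
    # Second issuer lacks the trailing slash and is reported as a mismatch.
    for issuer in ("https://my-app.us.auth0.com/", "https://my-app.us.auth0.com"):
        print(issuer, "->", check_claims(claims, issuer, "dbnl.mydomain.com") or "OK")
```

Because the signature is not verified, the output is only useful for comparing configuration values, not for deciding whether a token is trustworthy.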