OpenID Connect (OIDC)

Use these instructions to set up an OpenID Connect SSO provider for Tonic Textual.

SSO setup

When you configure the application/client in your SSO system, you must configure it to use Authorization Code Flow.

You must also make note of the client_id. You must provide the client ID when you complete the configuration for Textual.

Redirect URI

In your SSO provider, configure the following redirect URI:

  • Sign-in redirect URI: <textual-base-url>/sso/callback/oidc

Textual configuration

Required environment variables

After you set up the SSO provider, uncomment and configure the following required environment variables in Textual:

  • The application client identifier

  • For HTTP basic authentication (client_secret_basic), the client secret

  • The base URL of the provider. This is the location of /.well-known/openid-configuration

  • A regular expression to identify groups that are permitted to use Textual.

For Kubernetes, in values.yaml:

For Docker, in .env:

Optional environment variables

You can also uncomment and configure the following optional environment variables:

  • A space-delimited list of scopes to request from the OIDC SSO provider. Because group information is not part of the standard OIDC specification, for Textual to capture group information, a custom scope must be configured.

  • The name of the claim that contains the user's first name.

  • The name of the claim that contains the user's last name.

  • The name of the claim that contains the user's email address or username.

  • The name of the claim that contains the user's group membership.

Textual has default values for these settings:

For Kubernetes, in values.yaml:

For Docker, in .env:
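A pre-flight check for the settings described on this page, as an added example that is not part of the Textual documentation or product: it compares a provider's discovery document against the Authorization Code Flow, client_secret_basic, scope and group-claim requirements, and shows which groups a filter regular expression admits. The discovery document, issuer URL, `groups` scope and claim names, and group names are constructed, and because the page does not say whether Textual matches the regular expression against the whole group name or a substring, both behaviors are shown.

```python
import re

# Constructed sample of a provider's /.well-known/openid-configuration document.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "response_types_supported": ["code", "id_token"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
    "scopes_supported": ["openid", "profile", "email", "groups"],
    "claims_supported": ["sub", "email", "given_name", "family_name", "groups"],
}


def check_provider(doc, base_url, scopes, groups_claim):
    """Return the problems found when comparing a discovery document to the planned settings."""
    problems = []
    # The issuer must be the URL the document was fetched from (trailing slash ignored here).
    if doc.get("issuer", "").rstrip("/") != base_url.rstrip("/"):
        problems.append("issuer does not match the configured base URL")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' (Authorization Code Flow) is not advertised")
    # OIDC Discovery: when this field is omitted, the default is client_secret_basic.
    methods = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_basic" not in methods:
        problems.append("client_secret_basic is not advertised for the token endpoint")
    requested = scopes.split()  # space-delimited, as in the scopes setting
    if "openid" not in requested:
        problems.append("scope list lacks the mandatory 'openid' scope")
    # scopes_supported and claims_supported are optional, so only check them when present.
    for scope in requested:
        if "scopes_supported" in doc and scope not in doc["scopes_supported"]:
            problems.append(f"scope '{scope}' is not advertised")
    if "claims_supported" in doc and groups_claim not in doc["claims_supported"]:
        problems.append(f"claim '{groups_claim}' is not advertised")
    return problems


def admitted_groups(pattern, groups, anchored):
    """List the groups a filter regex admits under full-match or substring-search semantics."""
    match = re.fullmatch if anchored else re.search
    return [g for g in groups if match(pattern, g)]


if __name__ == "__main__":
    print(check_provider(SAMPLE_DISCOVERY, "https://idp.example.com", "openid groups", "groups"))
    sample = ["textual-users", "not-textual-users-archive", "finance"]  # constructed names
    print(admitted_groups("textual-users", sample, anchored=False))
    print(admitted_groups("textual-users", sample, anchored=True))
```

If the two `admitted_groups` results differ for your real group names, anchor the expression with `^` and `$` so that only the intended groups are permitted.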
