OIDC Provider Setup
Choosing your OIDC provider
Using included Dex
If you do not have your own OIDC provider or perhaps you do not to integrate it with your current OIDC provider, you can always use included Dex provider. It is enabled by default in the Helm chart. You just need to consider how you will provide the certificate to Dex.
Certificate in referenced Secret object
dex: ingress: authHost: 'auth.company.com' tls: authSecretName: gooddata-cn-auth-tls
Certificate generated by cert manager
Dex supports cert manager annotations to dynamically provision certificates. Example:
dex: ingress: authHost: 'auth.company.com' annotations: cert-manager.io/cluster-issuer: letsencrypt-production
Using your own OIDC provider
If you have your own OIDC provider (Okta, Auth0 and others) you do not need to deploy the Dex.
You will setup your OIDC provider for each Organization later in the Administration Guide.