OIDC Provider Setup

Choosing your OIDC provider

Using included Dex

If you do not have your own OIDC provider or perhaps you do not to integrate it with your current OIDC provider, you can always use included Dex provider. It is enabled by default in the Helm chart. You just need to consider how you will provide the certificate to Dex.

Certificate in referenced Secret object

dex:
  ingress:
    authHost: 'auth.company.com'
    tls:
      authSecretName: gooddata-cn-auth-tls

Certificate generated by cert manager

Dex supports cert manager annotations to dynamically provision certificates. Example:

dex:
  ingress:
    authHost: 'auth.company.com'
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-production

Using your own OIDC provider

If you have your own OIDC provider (Okta, Auth0 and others) you do not need to deploy the Dex.

deployDexIdP: false

You will setup your OIDC provider for each Organization later in the Administration Guide .