Learn how to configure OIDC for Infisical SSO with any OIDC-compliant identity provider
email and given_name.

Setup Identity Provider

https://app.infisical.com/api/v1/sso/oidc/callback. If you're self-hosting Infisical, replace the domain with your own.

1.3. Configure the scopes needed by Infisical (email, profile, openid) and ensure that they are mapped to the ID token claims.

1.4. Access the IdP's OIDC discovery document (usually located at https://<idp-domain>/.well-known/openid-configuration). This document contains important endpoints such as authorization, token, userinfo, and keys.

Finish configuring OIDC in Infisical

https://<idp-domain>/.well-known/openid-configuration.

Enable OIDC SSO in Infisical

Enforce OIDC SSO in Infisical

/login/admin path e.g. https://app.infisical.com/login/admin.

AUTH_SECRET and SITE_URL environment variables for it to work:

AUTH_SECRET: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with openssl rand -base64 32.

SITE_URL: The absolute URL of your self-hosted instance of Infisical including the protocol (e.g. https://app.infisical.com)
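
A pre-flight check for steps 1.3 and 1.4 above, written as an added example (it is not Infisical's code). It inspects a discovery document and an ID token for the endpoints, scopes and claims this page names; the host idp.example.test, the sample document and the sample token are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlparse

ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")
SCOPES = {"openid", "email", "profile"}   # scopes this page says Infisical needs
CLAIMS = {"email", "given_name"}          # claims this page names

def check_discovery(doc, idp_base):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    # The issuer should be the URL the discovery document was fetched under.
    if doc.get("issuer", "").rstrip("/") != idp_base.rstrip("/"):
        problems.append("issuer does not match " + idp_base)
    for key in ENDPOINTS:
        url = doc.get(key)
        if not url:
            problems.append("missing " + key)
        elif urlparse(url).scheme != "https":
            problems.append(key + " is not https")
    # scopes_supported is optional in the spec; if absent, all are reported for a manual check.
    missing = SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return problems

def missing_id_token_claims(id_token):
    """Decode the ID token payload (no signature check, inspection only); list absent claims."""
    seg = id_token.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    return sorted(c for c in CLAIMS if not claims.get(c))

# Constructed sample data: the userinfo endpoint is plain http and "profile" is not advertised.
SAMPLE_DOC = {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/token",
    "userinfo_endpoint": "http://idp.example.test/userinfo",
    "jwks_uri": "https://idp.example.test/keys",
    "scopes_supported": ["openid", "email"],
}
def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
SAMPLE_ID_TOKEN = ".".join([_seg({"alg": "RS256"}), _seg({"sub": "u1", "email": "dev@example.test"}), "sig"])

if __name__ == "__main__":
    print(check_discovery(SAMPLE_DOC, "https://idp.example.test"))
    print(missing_id_token_claims(SAMPLE_ID_TOKEN))
```

An empty result from both functions means the IdP advertises everything listed here and the token carries the mapped claims; the token check only reads the payload and is not a substitute for signature validation.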