docs
/
Go to coder.comRequest Support
docs
/
Home
About
Comparison
Feedback
Getting started
Coder for Docker
Administrators
Data scientists
Developers
Workspaces
Create a workspace
Lifecycle
Applications
Auto-start
Dev URLs
Docker in workspaces
Editors and IDEs
Environment variables
Personalization
Preferences
Progressive web apps
SSH access
VS Code extensions
Workspace parameters
Workspace templates
Workspace templates
Workspace template code completion
Images
Import
Tags
Custom image creation
Configure script
Structure
TLS certificates
Deprecate
Embeddable button
Command line
Installation and setup
Remote terminal
File sync
Workspace management
Setup
Architecture
Requirements
Kubernetes
Local preview
K3s
Amazon Elastic Kubernetes Service
Azure Kubernetes Service
Google Kubernetes Engine
Red Hat OpenShift
Installation
Configuration
Air-gapped deployment
Network setup
Coder for Docker
Upgrade
Update considerations
Admin
Access control
Authentication management
Organization roles
User management
User roles
Password reset
Organizations
Org management
Registries
Default registry
Amazon Elastic Container Registry
Azure Container Registry
Google Container Registry
Satellites
Manage satellites
Migrate to satellite deployments
Global access URL configuration
Workspace management
Docker in workspaces
Cluster setup
Images
Management
Extensions
GPU acceleration
IDE installation
Memory provisioning
CPU provisioning
Self-contained workspace builds
Shutdown
SSH configuration
TUN device enablement
Workspace process logging
Workspace providers
Deployment
EC2
Kubernetes
Workspace provider management
Access URL
Account dormancy
Appearance
Audit
Browser security
Dev URLs
Direct workspace connections
Fallback shell
Git integration
Licensing
Telemetry
Templates
Usage metrics
Guides
Admin
Compute resources
Database migration
Helm charts
Image tag names
Logging
OpenID Connect with Azure AD
OpenID Connect with Google
OpenID Connect with Okta
Shared security responsibility
Storage
Usage monitoring
Customization
Git configuration
GPG forwarding
macOS keybindings
Node.js Projects
Tailscale
VNC
Deployment
Coder installation from an archive
Managed code-server Workspaces
Podman
PostgreSQL
Proxies
SAML 2.0 identity brokering
Teardown
Terraform
TLS certificates
Azure DNS
Google Cloud DNS
Cloudflare
Route 53
Configure TLS on Coder for Docker
Hosted beta
Mobile development
Public API
Troubleshooting
Activate JetBrains license in a browser
Admin password reset
Docker
GitHub OAuth integration
Image registry
inotify watcher limit problems
TypeError: Failed to fetch
Vite and HMR
Workspace organization
Changelog
1.28.0
1.28.2
1.28.1
1.27.0
1.27.2
1.27.1
1.26.0
1.26.2
1.26.1
Home
/
Admin
/
Access control

Authentication management

3 min read

Learn how to manage Coder authentication.

By default, Coder enables built-in authentication, though you can change this if desired.

To do so, go to Manage > Users. Find the user whose authentication type you want to change, and use the Auth Type to toggle between Built-In and OpenID Connect.

If you opt for OpenID Connect, you'll need to provide additional configuration steps, which are detailed in the subsequent sections of this article.

Set up OIDC authentication

To set up OIDC authentication, you'll first need to register a Coder application with your OIDC provider. During this process, you'll be asked to provide a domain name for the OIDC token callback; use https://coder.my-company.com/oidc/callback.

Once you've registered a Coder application with your OIDC provider, you'll need to return to Coder and complete the setup process. Under Admin > Manage > Authentication, ensure that you've selected OpenID Connect as the authentication type. Then, provide the following parameters:

  • Client ID: The client ID for the Coder application you registered with the OIDC provider
  • Client Secret: The secret assigned to the Coder application you registered with the OIDC provider
  • Issuer (e.g., https://my-idp.com/realm/my-org): The URL where Coder can find your OIDC provider's configuration document

If you do not have values for any of these parameters, you can obtain them from your OIDC provider.

There are several additional configuration parameters that may be of interest to you:

  • Enable Access Tokens: Toggle On if you'd like to allow users to fetch tokens from https://<yourDomain>/api/v0/users/me/oidc-access-token
  • Additional Scopes: Specify any scopes (beyond the default) that you would like Coder to request from the authentication provider. By default, Coder

requests the scopes openid, email, and profile. Consult your authentication provider's documentation for information on which scopes they support.

  • Disable built-in authentication: Choose whether Coder removes the ability to log in with an email/password option when you've enabled OIDC authentication

Disable built-in authentication

You can disable built-in authentication as an option for accessing Coder if you have OIDC configured.

Login page with built-in authentication disabled

To do so, navigate to Manage > Admin > Authentication. Then, toggle Disable built-in authentication to On and click Save preferences.

Site managers can still use built-in authentication. To view this option on the login page, add the following query parameter to the URL you use to access your Coder deployment:

/login?showAllAuthenticationTypes=1

See an opportunity to improve our docs? Make an edit.

Go to coder.comGitHub