OAuth and OIDC Support in Fides

OAuth and OIDC support in Fides is still in beta. Some features may be incomplete, but the experience should be stable.

Fides supports OAuth and OIDC for login for simpler user access control management in larger organizations.

Supported integrations

Fides currently supports integrations with Okta, Google Workspace, and Azure Active Directory. You can also configure an integration with other services by providing additional connection information.

Configuration

Follow the steps below to start the integration process, then follow the links for each provider to complete the setup.

Log in to Fides and navigate to the "Settings > About Fides" page.
Turn on the beta features "Organization management" and "Sso authentication".

Beta flags for SSO in the About Fides tab

Navigate to "Settings > Organization"
Click "Add SSO Provider" and select your provider.

Selecting an SSO provider from the organization tab.

Follow the links below for instructions on configuring each supported provider.

Okta
Google Workspace (coming soon!)
Azure AD (coming soon!)
Custom provider (coming soon!)

Limitations

There are a few limitations to be aware of when configuring OIDC for login in Fides.

There is no CLI login support yet. Users of the CLI will still need a username and password to authenticate from the CLI.
Fides does not yet support any type of automatic user provisioning. Users must still be created and assigned roles from Fides before they can login using one of the supported providers.
Any custom login provider must include the email_verified claim in the OIDC response.

Testing Messaging Configurations Configuring OIDC with Okta