Run Commands


Learn how to authenticate with Auth0.

May 26, 2023

Before You Start #

1. Register With Your IdP #

  1. Log in to your Auth0 account.
  2. In Applications, click Create Application.
  3. Type the name of your application, such as Pachyderm.
  4. In the application type, select Regular Web Application.
  5. Click Create.
  6. Go to the application settings.
  7. Scroll down to Application URIs.
  8. In the Allowed Callback URLs, add the Pachyderm callback link in the following format:
# Dex's issuer URL + "/callback"
  1. Scroll down to Show Advanced Settings.
  2. Select Grant Types.
  3. Verify that Authorization Code and Refresh Token are selected.

Auth0 Grant Settings

2. Set Up Connector #

  1. Create a JSON or YAML connector config file that matches your IdP.
  1. Update the following attributes:
idThe unique identifier of your connector (string).
nameIts full name (string).
typeThe type of connector. (oidc, saml).
versionThe version of your connector (integer - default to 0 when creating a new connector)
issuerThe domain of your application (here in Auth0). For example, Note the trailing slash.
client_idThe Pachyderm Client ID (here in Auth0). The client ID consists of alphanumeric characters and can be found on the application
settings page.
client_secretThe Pachyderm client secret (here in Auth0) located on the application settings page.
redirect_uriThis parameter should match what you have added to Allowed Callback URLs when registering Pachyderm on your IdP website.
  1. Open your Helm values.yml file.
  2. Find the oidc.upstreamIDPs section.
  3. Input your connector info; Pachyderm stores this value in the platform secret pachyderm-identity in the key upstream-idps.
upstream-idps: |
    - type: github
    id: github
    name: GitHub
    jsonConfig: >-
        "clientID": "xxx",
        "clientSecret": "xxx",
        "redirectURI": "",
        "loadAllGroups": true

Alternatively, you can create a secret containing your dex connectors (Key: upstream-idps) and reference its name in the field oidc.upstreamIDPsSecretName.

3. Login #

The users registered with your IdP are now ready to Log in to Pachyderm

Considerations #

Ingress #

When using an ingress: