Loft can act as an OpenID Connect provider for other services, e.g. a self-hosted container registry using Harbor.
To tell Loft to act as an OIDC provider, navigate to Admin > Config and add the oidc section to your config:
- name: "Example Client"
# - ADD A 2nd OIDC CLIENT HERE
# - ADD A 3rd OIDC CLIENT HERE
To configure Loft as an OIDC provider in another service, fill out that service's OIDC fields with the following values:
- OIDC Provider Endpoint / Issuer: https://loft.mycompany.tld/oidc
- OIDC Client ID: loft
- OIDC Client Secret: MYCLIENTSECRET
- Group Claim Name: groups
- Available OIDC Scopes: offline_access,openid,groups,email,profile
With this configuration, your Loft users will be able to authenticate in another application using their Loft account (which may itself be based on another SSO provider).
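
A relying-party-side sanity check for the values above, as an added example that is not part of the Loft documentation: it compares an OIDC discovery document with the issuer and scopes listed on this page. The sample documents and their endpoint paths are constructed, and requiring every endpoint to be on the issuer's host is an assumption that suits a single self-hosted instance.

```python
from urllib.parse import urlsplit

ISSUER = "https://loft.mycompany.tld/oidc"  # issuer value from this page
WANTED_SCOPES = {"offline_access", "openid", "groups", "email", "profile"}

def discovery_url(issuer):
    # OIDC Discovery: strip any trailing slash, then append the well-known path.
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(doc, issuer=ISSUER, wanted_scopes=WANTED_SCOPES):
    """Return a list of problems; an empty list means the metadata matches."""
    problems = []
    # The issuer in the document must be identical to the configured issuer,
    # otherwise ID token "iss" validation will fail or be bypassed by sloppy matching.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    issuer_host = urlsplit(issuer).netloc
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if not url:
            problems.append(f"missing {key}")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{key} is not https")
        if parts.netloc != issuer_host:  # assumption: self-hosted, single host
            problems.append(f"{key} on unexpected host {parts.netloc}")
    missing = wanted_scopes - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ",".join(sorted(missing)))
    return problems

# Constructed sample metadata; the endpoint paths are illustrative only.
GOOD = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/auth",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/keys",
    "scopes_supported": ["openid", "email", "groups", "profile", "offline_access"],
}
BAD = dict(GOOD, issuer=ISSUER + "/",
           token_endpoint="http://loft.mycompany.tld/oidc/token",
           scopes_supported=["openid", "email", "profile"])

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(doc) or "ok")
```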