Configure Briefer to use your single sign-on provider on your self-hosted Briefer instance.
- `OIDC_ISSUER_URL` is the URL of your IdP. For example, `https://keycloak.example.com/realms/your-realm`.
- `OIDC_CLIENT_ID` is the client ID that Briefer will use to authenticate with your IdP. Please use a confidential client so that a client secret is available.
- `OIDC_CLIENT_SECRET` is the client secret for the client whose ID is specified in `OIDC_CLIENT_ID`.
- `OIDC_REDIRECT_TIMEOUT` is the time that Briefer will wait for the user to authenticate with the IdP. The default is `1h` (1 hour), but you can set it to `Xm` (minutes) or `Xs` (seconds) too.
- `OIDC_ENCRYPTION_KEY` is a 32-byte key used to encrypt OIDC-related session data, like refresh tokens if your IdP supports them. You can generate a key using `openssl rand -base64 32`.

Set `DISABLE_EMAIL_LOGIN` to `true` so that users can only log in using SSO.
After setting these variables, you should see a “Log in with SSO” button on the login page.
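
The variables above can be sanity-checked before Briefer is restarted. The following preflight function is an added example, not part of Briefer; it assumes the key is stored as the base64 string printed by `openssl rand -base64 32` and that the issuer should be served over HTTPS, and the name `check_oidc_env` is made up for this example.

```shell
# Added example: preflight check for the OIDC variables described above.
# Assumptions (not confirmed by Briefer): the key is stored as the base64 string
# printed by `openssl rand -base64 32`, and the issuer URL should use HTTPS.
check_oidc_env() {
  oidc_problems=0

  # Required values; a confidential client always comes with a secret.
  for oidc_name in OIDC_ISSUER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ENCRYPTION_KEY; do
    eval "oidc_value=\${$oidc_name:-}"   # names come only from the fixed list above
    if [ -z "$oidc_value" ]; then
      echo "missing: $oidc_name" >&2
      oidc_problems=$((oidc_problems + 1))
    fi
  done

  # Tokens and the client secret are exchanged with the issuer, so expect TLS.
  case "${OIDC_ISSUER_URL:-}" in
    ""|https://*) ;;
    *) echo "OIDC_ISSUER_URL should start with https://" >&2
       oidc_problems=$((oidc_problems + 1)) ;;
  esac

  # The key must decode to exactly 32 bytes.
  if [ -n "${OIDC_ENCRYPTION_KEY:-}" ]; then
    oidc_len=$(printf '%s' "$OIDC_ENCRYPTION_KEY" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    if [ "$oidc_len" != "32" ]; then
      echo "OIDC_ENCRYPTION_KEY decodes to $oidc_len bytes, expected 32" >&2
      oidc_problems=$((oidc_problems + 1))
    fi
  fi

  # Optional; the forms shown on this page are 1h, Xm and Xs.
  if [ -n "${OIDC_REDIRECT_TIMEOUT:-}" ] &&
     ! printf '%s' "$OIDC_REDIRECT_TIMEOUT" | grep -Eq '^[0-9]+[hms]$'; then
    echo "OIDC_REDIRECT_TIMEOUT must look like 1h, 30m or 45s" >&2
    oidc_problems=$((oidc_problems + 1))
  fi

  # Disabling email login while SSO is misconfigured leaves no way to log in.
  if [ "${DISABLE_EMAIL_LOGIN:-}" = "true" ] && [ "$oidc_problems" -gt 0 ]; then
    echo "DISABLE_EMAIL_LOGIN=true but the SSO settings have problems" >&2
  fi

  return "$oidc_problems"   # number of problems found; 0 means all checks passed
}
```

Load your environment file into the shell first, then call `check_oidc_env`; a non-zero exit status is the number of problems reported on stderr.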