User Management

OpenID Connect (OIDC) SSO

PromptPanel integrates with OpenID Connect (OIDC), enabling Single Sign-On (SSO) capabilities for enhanced user convenience and security.

This allows users to authenticate using their existing credentials from other services, eliminating the need for separate logins.

Environment Variables

To enable OIDC SSO, you'll need to configure the following environment variables during container startup:

PROMPT_OIDC_DISPLAY_NAME: This sets the display name for the button that users will click to initiate the OIDC login process.

PROMPT_OIDC_CLIENT_ID and PROMPT_OIDC_CLIENT_SECRET: These variables hold the client ID and client secret provided by your OIDC identity provider.

PROMPT_OIDC_AUTHORIZE_URL and PROMPT_OIDC_ACCESS_TOKEN_URL: Specify the URLs for authorization and access token retrieval from your OIDC provider.

PROMPT_OIDC_KWARGS: This optional variable allows you to pass additional keyword arguments for customizing the OIDC configuration.

PROMPT_OIDC_USERINFO_URL: This URL should point to the endpoint that provides user information, including the user's email address, which is required for PromptPanel.

For enhanced security and control over user registration, it's highly recommended to set the PROMPT_USER_ALLOWED_DOMAINS environment variable.

This variable defines a list of approved domains from which users can register and log in using OIDC. Restricting registration to specific domains prevents unauthorized access and ensures that only trusted users can access your PromptPanel instance.

The variable expects a comma-separated string of domains, for example: domain1.com,domain2.com.
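
To make the allow-list format concrete, the following Python example (added here, not PromptPanel's own code) parses a value in the comma-separated form above and checks sample addresses against it. The function names and the exact, case-insensitive match on the email's domain part are assumptions for illustration; this page does not state how PromptPanel compares domains.

```python
# Added illustration, not PromptPanel's code: exact-match domain allow-listing
# for a value shaped like PROMPT_USER_ALLOWED_DOMAINS ("domain1.com,domain2.com").
import re

# A bare hostname: two or more dot-separated labels of letters, digits, hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})+$")


def parse_allowed_domains(raw: str) -> frozenset:
    """Split the comma-separated value, normalise it, reject malformed entries."""
    domains = set()
    for entry in raw.split(","):
        domain = entry.strip().lower().rstrip(".")
        if not domain:
            continue  # tolerate a trailing comma or a doubled separator
        if not _DOMAIN_RE.match(domain):
            # Catches "@domain1.com", "https://domain1.com", "*.domain1.com", ...
            raise ValueError(f"not a bare domain name: {entry!r}")
        domains.add(domain)
    if not domains:
        raise ValueError("allow-list is empty")
    return frozenset(domains)


def email_allowed(email: str, allowed: frozenset) -> bool:
    """True only when the part after the single '@' equals a listed domain."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or "@" in local:
        return False  # no '@', empty local part, or more than one '@'
    # Equality, not endswith() or substring: look-alike and sub-domains fail.
    return domain.lower().rstrip(".") in allowed


if __name__ == "__main__":
    # Constructed sample value and addresses, for demonstration only.
    allowed = parse_allowed_domains("domain1.com, Domain2.com")
    for addr in ("alice@domain1.com", "bob@DOMAIN2.COM",
                 "eve@evil-domain1.com", "eve@domain1.com.evil.example",
                 "eve@sub.domain1.com"):
        print(f"{addr:32} {email_allowed(addr, allowed)}")
```

Under exact matching, a subdomain such as sub.domain1.com is not covered by listing domain1.com and would need its own entry.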

Docker Compose Example

The following is an example docker-compose.yml with the required fields for setting up GitHub OIDC:

version: "3.9"
services:
  promptpanel:
    image: promptpanel/promptpanel:latest
    container_name: promptpanel
    restart: always
    volumes:
      - ./database:/app/database
      - ./media:/app/media
    ports:
      - 4000:4000
    environment:
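      # OIDC SSO
      PROMPT_OIDC_DISPLAY_NAME: GitHub
      # CLIENT_ID and CLIENT_SECRET are placeholders for the values
      # provided by your OIDC identity provider.
      PROMPT_OIDC_CLIENT_ID: CLIENT_ID
      PROMPT_OIDC_CLIENT_SECRET: CLIENT_SECRET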
      PROMPT_OIDC_AUTHORIZE_URL: https://github.com/login/oauth/authorize
      PROMPT_OIDC_ACCESS_TOKEN_URL: https://github.com/login/oauth/access_token
      PROMPT_OIDC_USERINFO_URL: https://api.github.com/user/emails
      PROMPT_OIDC_KWARGS: '{"scope": "user:email"}'
      PROMPT_USER_ALLOWED_DOMAINS: promptpanel.com