How to configure single sign-on with OIDC

OpenID Connect (OIDC) is an interoperable authentication protocol based on the OAuth 2.0 framework. It allows applications to verify user identities and obtain basic user profile information from an external, trusted identity provider.

LXD uses OIDC to authenticate users to the web UI and the CLI without needing to store a local password. In both cases, LXD redirects the user to the configured identity provider’s login page via the browser. Upon successful authentication, the UI or CLI client receives a secure token from the identity provider that validates the session. For more information, see: OpenID Connect authentication.

The following how-to guides provide detailed instructions for the SSO-based identity providers supported by LXD:

• How to configure Auth0
• How to configure Ory Hydra
• How to configure Keycloak
• How to configure Entra ID

Related topics

How-to guides:

• How to add remote servers

• How to expose LXD to the network

Explanation:

• Remote API authentication