Skip to main content

Configuration

In your .env file, enable the OIDC auth type. 
TRACECAT__AUTH_TYPES=oidc

Required environment variables

Set the following variables for your provider:
  • TRACECAT__PUBLIC_APP_URL
  • OIDC_ISSUER
  • OIDC_CLIENT_ID
  • OIDC_CLIENT_SECRET
  • OIDC_SCOPES (optional, defaults to openid profile email)

Instructions

1

Create an OIDC application with your identity provider

Register Tracecat as an application with your provider and allow the standard OpenID Connect scopes needed for sign-in.
2

Configure the redirect URI

Set the provider redirect URI to <your-domain>/auth/oauth/callback.For the local Docker Compose deployment, use http://localhost/auth/oauth/callback.
3

Configure environment variables in Tracecat

Add the public Tracecat URL, issuer URL, and client credentials to your .env file. Tracecat generates OAuth callback URLs from TRACECAT__PUBLIC_APP_URL, so this must match the external URL users visit.Example:
TRACECAT__PUBLIC_APP_URL=https://tracecat.example.com
OIDC_ISSUER=https://issuer.example.com
OIDC_CLIENT_ID=tracecat
OIDC_CLIENT_SECRET=replace-me
OIDC_SCOPES="openid profile email"
4

Restart Tracecat

Restart the application so the new auth configuration is loaded.