Identity Providers

How to configure an Identity Provider

1. Log in to Stream Administration Interface.

2. Access Identity Providers from the drawer or card: Security > Access Management > Identity Providers.

3. Click on Add Identity Provider.

General tab

4. Select an identity provider type. Currently only OpenID is supported.

OpenID Connect

5. Fill in all fields:

  • The Name* will be used to identify this provider on Stream and on the login page.

  • Enabled* lets you disable the identity provider when access from this authentication source is not needed.

  • Enabled on UI* lets you hide this provider on the login page; it will still be available via direct API calls.

  • The Provider metadata URL* is the URL where the OIDC provider publishes its metadata. For example https://<oidc server>/.well-known/openid-configuration.

  • The Client Credentials* are Password credentials containing the client id and secret used to connect to the OIDC provider. They can be created on the go using the create credentials button.

  • The Scope* is used by Stream during authentication on the identity provider to authorize access to the user’s details.

  • The Proxy is used to access the Provider metadata URL, if any.

  • The Timeout is used for authentication on the identity provider. Must be a valid finite duration. The default value is 10 seconds.

  • The Identifier Claim* is a template string defining how to construct the identifier from the OpenID Connect claims. For example, if the user identifier is contained in the login claim, and should be lower case, then the configured value should be {{Lower({{login}})}}.

  • The Name Claim* is a template string defining how to construct the user name from the OpenID Connect claims. For example, if the user name must be constructed as "family name, GIVEN NAME", with the family name available in the family_name claim and the given name available in the given_name claim, then the configured value should be {{family_name}}, {{Upper({{given_name}})}}.

6. Click on the save button.

You can update or delete the Identity Provider.

You won’t be able to delete an Identity Provider if it is referenced in any other configuration element.
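
Before entering the Provider metadata URL and Scope from step 5, the metadata document can be sanity-checked. The following is an added example, not part of Stream: it checks a discovery document against the rules of OpenID Connect Discovery 1.0. The function name, the idp.example.test host and the sample document are constructed for illustration, and the Scope is assumed to be a space-separated string as in OAuth 2.0.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def check_provider_metadata(metadata_url, document, scope):
    """Return a list of findings; an empty list means every check passed."""
    meta = json.loads(document)
    findings = [f"missing required field: {f}" for f in REQUIRED if f not in meta]
    # The issuer must be the metadata URL without the well-known suffix, otherwise
    # the document may describe a different provider than the one configured.
    expected = metadata_url.removesuffix(WELL_KNOWN).rstrip("/")
    if str(meta.get("issuer", "")).rstrip("/") != expected:
        findings.append(f"issuer mismatch: expected {expected}")
    for name in ("issuer",) + ENDPOINTS:
        if name in meta and urlsplit(str(meta[name])).scheme != "https":
            findings.append(f"{name} is not an https URL")
    if "none" in meta.get("id_token_signing_alg_values_supported", []):
        findings.append("provider advertises unsigned ID tokens (alg none)")
    requested = scope.split()  # assumption: space-separated, as in OAuth 2.0
    if "openid" not in requested:
        findings.append("scope does not contain openid")
    supported = meta.get("scopes_supported")  # optional in the metadata
    if supported is not None:
        findings += [f"scope not advertised by provider: {s}"
                     for s in requested if s not in supported]
    return findings


# Constructed sample metadata for a hypothetical provider at idp.example.test.
SAMPLE_URL = "https://idp.example.test/realms/corp/.well-known/openid-configuration"
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.test/realms/corp",
    "authorization_endpoint": "https://idp.example.test/realms/corp/auth",
    "token_endpoint": "https://idp.example.test/realms/corp/token",
    "jwks_uri": "https://idp.example.test/realms/corp/certs",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["openid", "profile", "email"],
})

if __name__ == "__main__":
    for finding in check_provider_metadata(SAMPLE_URL, SAMPLE_DOC, "openid profile") or ["ok"]:
        print(finding)
```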