Available on: Enterprise Edition

How to configure the authentication for your Kestra instance.

Kestra provides two authentication methods:

  • Basic Auth: enabled by default
  • OpenID Connect (OIDC)

First, you need to configure the JWT token security. To do that, generate a secret that is at least 256 bits and add it to your kestra configuration as follows:

yaml
micronaut:
  security:
    token:
      jwt:
        signatures:
          secret:
            generator:
              secret: "your-256-bits-secret"

This secret must be the same on all your webserver instances and will be used to encode the JWT cookie.

Basic Authentification

The default installation comes with no users defined. To create an administrator account, use the following CLI command:

bash
./kestra-ee auths users create --admin --username=<admin-username> --password=<admin-password> --tenant=<tenant-id>

If you don't have multi-tenancy enabled, you can omit the --tenant parameter.

OpenID Connect (OIDC)

To enable OIDC in the application, make sure to enable OIDC in Micronaut:

yaml
micronaut:
  security:
    oauth2:
      enabled: true
      clients:
        google:
          client-id: "{{ clientId }}"
          client-secret: "{{ clientSecret }}"
          openid:
            issuer: "{{ issuerUrl }}"

More information can be found in the Micronaut OIDC configuration.

Single Sign-On (SSO) with Google, Microsoft, and others

Check the Single Sign-On documentation for more details on how to configure SSO with Google, Microsoft, and other providers.

Was this page helpful?