OIDC Provider

OIDC is a web-based protocol that uses OAuth2 for authorization and adds an authentication layer.

You can configure up to eight external OIDC providers in a cluster. These providers can be used to authenticate client users and generate JWTs for them. Client users can then use these tokens to assume VAST IAM roles and obtain S3 access keys from the VAST STS server, which are used to access S3 buckets in the cluster.

To be able to use a configured OIDC provider for a tenant, attach the provider to the tenant in tenant settings.

Creating an OIDC Provider in VAST Web UI

  1. Navigate to the User Management page and select VAST Providers.

  2. Click Add New Provider, and select OIDC.

  3. Enter the following details for the OIDC provider:

    Name

    The name for the provider, as it will appear in the list of OIDC providers.

    Discovery JSON URL

    The URL for the discovery JSON for the provider. This provides metadata about the OIDC provider.

    Username attribute in JWT

    A user attribute in the JWT that is used for audit records. The value of this attribute will be added to audit records to indicate the user. Specify a single attribute (optional).

    Examples: email, name, preferred_username

    Description (optional)

    A description for the provider (free text).

  4. Optionally, in the Certificate section, click Add new to upload a certificate for the provider.

  5. Click Create.
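
Before entering the Discovery JSON URL and the username attribute, you can check them against a sample token issued by the provider. The following is an added example, not VAST code and not a description of how the cluster validates providers; the issuer URL, the token and the function names are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"

def jwt_claims(token):
    """Decode the payload segment of a JWT WITHOUT verifying its signature."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(discovery_url, discovery_doc, sample_token, username_attr):
    """Return a list of problems; an empty list means the inputs are consistent."""
    problems = []
    if urlparse(discovery_url).scheme != "https":
        problems.append("discovery URL is not https")
    issuer = discovery_doc.get("issuer", "")
    # OIDC Discovery: the issuer in the document must match the URL it came from.
    if discovery_url != issuer.rstrip("/") + WELL_KNOWN:
        problems.append("issuer does not match discovery URL")
    if urlparse(discovery_doc.get("jwks_uri", "")).scheme != "https":
        problems.append("jwks_uri missing or not https")
    claims = jwt_claims(sample_token)
    if claims.get("iss") != issuer:
        problems.append("token iss differs from discovery issuer")
    value = claims.get(username_attr)
    if not isinstance(value, str) or not value:
        problems.append(f"claim '{username_attr}' absent or not a string")
    return problems

def _b64(obj):
    """base64url-encode a JSON object the way JWT segments are encoded."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (idp.example.test is a placeholder, not a real provider).
ISSUER = "https://idp.example.test/realms/storage"
DOC = {"issuer": ISSUER, "jwks_uri": ISSUER + "/certs"}
TOKEN = ".".join([_b64({"alg": "RS256", "kid": "k1"}),
                  _b64({"iss": ISSUER, "sub": "42", "email": "ana@example.test"}),
                  "c2ln"])  # placeholder signature, never verified here

if __name__ == "__main__":
    print(preflight(ISSUER + WELL_KNOWN, DOC, TOKEN, "email"))
    print(preflight(ISSUER + WELL_KNOWN, DOC, TOKEN, "preferred_username"))
```

An attribute that the provider does not place in its tokens, such as `preferred_username` in this sample, is reported as a problem, so it would not be a useful choice for the audit-record field.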

Attaching an OIDC Provider to the Tenant in VAST Web UI

After the OIDC provider is created, attach it to the tenant as follows:

  1. Choose Element Store -> Tenants to open the Tenants page.

  2. Right-click the tenant you want and select Edit to open tenant settings.

  3. In the Providers and User Access -> Set Providers tab, click OIDC Providers and select the newly created OIDC provider.

  4. Click Update to save the changes.

Modifying an OIDC Provider in VAST Web UI

Follow these steps to change settings for the OIDC provider in the VAST cluster.

  1. In the User Management -> OIDC Providers page, right-click an OIDC provider and select Edit.

  2. Make changes to the details for the provider, as necessary.

  3. Click Update.

Refreshing OIDC Keys in VAST Web UI

The VAST cluster refreshes the OIDC public keys every 24 hours. You can also refresh the keys manually, using the following steps.

  1. In the User Management -> OIDC Providers page, right-click an OIDC provider and select Refresh Now.

  2. When prompted to confirm, click Yes.

Deleting an OIDC Provider in VAST Web UI

In order to remove an OIDC provider, you must first disassociate it from any tenant it is associated with (see Modifying Tenants via VAST Web UI).

  • In the User Management -> OIDC Providers page, right-click an OIDC provider and select Delete.

Managing OIDC Providers in VAST CLI

Task                                      Command
Create an OIDC provider on the cluster    oidc create
Modify an OIDC provider on the cluster    oidc modify
Delete an OIDC provider                   oidc delete
List all OIDC providers                   oidc list
Show details for an OIDC provider         oidc show
Refresh JWKs for an OIDC provider         oidc refresh_keys