OIDC Provider


OpenID Connect (OIDC) is a web-based protocol that uses OAuth2 for authorization and adds an authentication layer on top of it.

You can configure up to eight external OIDC providers in a cluster. These providers can be used to authenticate client users and to generate JWTs for them. Client users can then present these tokens to assume VAST IAM roles and obtain S3 access keys from the VAST STS server, which they use to access S3 buckets in the cluster.

Creating an OIDC Provider using the VAST Web UI

  1. Navigate to the User Management page and select VAST Providers.

  2. Click Add New Provider, and select OIDC.

  3. Enter the following details for the OIDC provider:

    Name

    The name for the provider, as it will appear in the list of OIDC providers.

    Discovery JSON URL

    The URL for the discovery JSON for the provider. This provides metadata about the OIDC provider.

    Username attribute in JWT

    The attribute (claim) in the JWT whose value identifies the user in audit records. The value of this attribute is added to each audit record to indicate the user. Specify a single attribute (optional).

    Examples: email, name, preferred_username

    Description (optional)

    A description for the provider (free text).

  4. Optionally, in the Certificate section, click Add new to upload a certificate for the provider.

  5. Click Create.

Modifying an OIDC Provider using the VAST Web UI

Follow these steps to change settings for the OIDC provider in the VAST cluster.

  1. Right-click on the OIDC provider in the list, and select Edit.

  2. Make changes to the details for the provider, as necessary.

  3. Click Update.

Refreshing OIDC Keys using the VAST Web UI

The VAST cluster refreshes the OIDC public keys every 24 hours. You can manually refresh the keys, as well, using the following steps.

  1. Right-click on the OIDC provider in the list, and select Refresh Now.

  2. When prompted to confirm, click Yes.
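As an added illustration (not VAST's code, and not a description of the cluster's internals), the following Python models what a verifier configured as this page describes does: it reads jwks_uri from the provider's Discovery JSON, caches the published keys with a 24-hour refresh, re-fetches them once when a token carries an unknown kid (the effect of Refresh Now after the provider rotates its keys), and takes the configured username attribute from the validated JWT for the audit record. The provider, its Discovery JSON, its keys and the HS256 signatures are constructed stand-ins; real OIDC providers normally publish RSA or EC keys, which only changes the signature check.

```python
import base64, hashlib, hmac, json
# Constructed stand-ins for a provider's Discovery JSON and its (rotatable) JWKS;
# a real cluster fetches both from the provider over HTTPS.
DISCOVERY = {"issuer": "https://idp.example", "jwks_uri": "https://idp.example/jwks"}
JWKS = {"keys": [{"kty": "oct", "kid": "k1", "alg": "HS256", "k": "c2VjcmV0LW9uZQ"}]}
def b64url_decode(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64url_encode(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def mint_token(claims, jwk):  # what the constructed provider issues to a user
    head = b64url_encode(json.dumps({"alg": "HS256", "kid": jwk["kid"]}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(b64url_decode(jwk["k"]), f"{head}.{body}".encode(), hashlib.sha256)
    return f"{head}.{body}.{b64url_encode(mac.digest())}"
class OidcProvider:
    REFRESH_INTERVAL = 24 * 3600  # the cluster's scheduled key refresh, in seconds
    def __init__(self, discovery, fetch_jwks, username_attr="preferred_username"):
        self.jwks_uri, self.fetch_jwks = discovery["jwks_uri"], fetch_jwks
        self.username_attr, self.keys, self.last_refresh = username_attr, {}, 0.0
    def refresh_keys(self, now):  # same effect as "Refresh Now" / oidc refresh_keys
        self.keys = {k["kid"]: k for k in self.fetch_jwks(self.jwks_uri)["keys"]}
        self.last_refresh = now
    def verify(self, token, now):
        if now - self.last_refresh >= self.REFRESH_INTERVAL:
            self.refresh_keys(now)
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        if header.get("kid") not in self.keys:  # unknown kid: provider may have rotated
            self.refresh_keys(now)
        key = self.keys.get(header.get("kid"))
        if key is None or key.get("alg") != "HS256" or header.get("alg") != "HS256":
            raise ValueError("no usable signing key")  # header alg is untrusted; the published key decides
        mac = hmac.new(b64url_decode(key["k"]), f"{head}.{body}".encode(), hashlib.sha256)
        if not hmac.compare_digest(mac.digest(), b64url_decode(sig)):
            raise ValueError("signature mismatch")
        claims = json.loads(b64url_decode(body))
        return {"audit_user": claims.get(self.username_attr), "claims": claims}

def rotation_demo():
    fetches = []  # every JWKS fetch the verifier makes is recorded here
    provider = OidcProvider(DISCOVERY, lambda url: (fetches.append(url), JWKS)[1], "email")
    t0, user = 1_700_000_000, {"sub": "u1", "email": "alice@example.com"}
    old = mint_token(user, JWKS["keys"][0])
    first = provider.verify(old, t0)["audit_user"]  # first call loads the JWKS
    JWKS["keys"] = [{"kty": "oct", "kid": "k2", "alg": "HS256", "k": "c2VjcmV0LXR3bw"}]
    second = provider.verify(mint_token(user, JWKS["keys"][0]), t0 + 60)["audit_user"]
    try:
        provider.verify(old, t0 + 120); old_ok = True  # k1 is no longer published
    except ValueError:
        old_ok = False
    return first, second, old_ok, len(fetches)
```

A production verifier also rate-limits the refresh-on-unknown-kid path, since otherwise tokens with made-up kids can drive unbounded fetches of the provider's JWKS endpoint.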

Deleting an OIDC Provider using the VAST Web UI

In order to remove an OIDC provider, you must first disassociate it from any tenant it is associated with (see Modifying Tenants via VAST Web UI).

  • Right-click on the OIDC provider in the list, and select Delete.

Managing OIDC Providers using the VAST CLI

Task                                        Command
Create an OIDC provider on the cluster      oidc create
Modify an OIDC provider on the cluster      oidc modify
Delete an OIDC provider                     oidc delete
List all OIDC providers                     oidc list
Show details for an OIDC provider           oidc show
Refresh JWKs for an OIDC provider           oidc refresh_keys