Simplify authentication and streamline access control with custom OIDC.
Foxglove now supports OpenID Connect (OIDC) for Single Sign-On (SSO), allowing you to integrate your existing identity provider (IdP) like Okta, Microsoft Entra ID, Auth0, or AWS Cognito. With this change, you can manage authentication more efficiently across your team, use your own IdP’s security policies, and streamline access control. The OIDC integration ensures compatibility with standard OAuth 2.0 workflows, making it easier to authenticate users while keeping the process secure and consistent.
The custom OIDC configuration gives you control over your team’s login process. Once your Foxglove organization is configured to use your OIDC IdP, authentication is handled by your IdP, including enforcing policies like two-factor authentication or password rotation. Foxglove handles token validation and session creation, but the authentication itself is entirely managed by your IdP. This means Foxglove is never in control of user credentials; your IdP manages that process.
The integration allows for a seamless, single-click login for users, for example via Okta’s application tiles. When you set up the “Initiate login URL” in your IdP, the user clicks on the application tile, which redirects them to Foxglove’s sign-in page with the OIDC provider preselected. From there, the user is redirected to their IdP for authentication. Once authenticated, the IdP returns a signed token to Foxglove, which validates it and creates or updates the user’s session. Alternatively, you can start from your dedicated Foxglove sign-in page and click the “Sign in with SSO” button: https://app.foxglove.dev/<your_org_slug>/signin
This flow is simple, efficient, and keeps the authentication process secure, allowing you to focus on the actual work of building and deploying reliable robots instead of managing access.
The authentication flow is straightforward:
auto-select-provider=oidc, which tells Foxglove to initiate the OIDC flow.
Your IdP manages user authentication, meaning you can enforce any security measures that fit your needs, such as two-factor authentication or password rotation. You no longer need to worry about setting up these policies inside Foxglove; they are all handled by your IdP.
This approach also gives you more control over who can access your Foxglove organization. By configuring Foxglove’s exclusive auth provider setting, you can ensure that users can only log in through your specific OIDC configuration. This adds an extra layer of control, making sure the right users are authenticated in the right way.
Setting up OIDC for your team is straightforward. The organization settings page has been updated to simplify configuration. We’ve removed unnecessary fields and streamlined the process, relying on a more standard discovery URL to validate your IdP. If there are any issues, error messages will be more targeted, making troubleshooting easier. The documentation provides detailed guidance for setting up your IdP application and verifying your domain’s discovery URL.
Once you’ve configured OIDC, you can use your IdP’s administrative features to control access across your organization. This is particularly useful for teams with dozens or hundreds of engineers. Instead of managing multiple credentials, you can centralize authentication and reduce overhead.
If your IdP requires non-standard values, you can fine-tune advanced settings, such as custom claims, on your IdP’s side, knowing that Foxglove will seamlessly accept those tokens once your engineers land on the sign-in page. Typically, Foxglove only requires an email address, so the email claim should suffice. However, some providers, like Microsoft, use preferred_username or upn instead.
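A pre-flight check for the discovery URL and email-claim points above, as an added example (not Foxglove's code or documentation): it validates a discovery document against the required fields of OpenID Connect Discovery 1.0 and reports which of the email-carrying claims the IdP advertises. The idp.example.com documents are constructed samples, and how Foxglove itself validates the document is not described on this page.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields marked REQUIRED by OpenID Connect Discovery 1.0 (token_endpoint is
# required unless the IdP only offers the implicit flow).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
# Claims the article names as possible carriers of the user's email address.
EMAIL_CLAIMS = ("email", "preferred_username", "upn")

def check_discovery(discovery_url, doc):
    """Return a list of problems found in an OIDC discovery document."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The issuer must equal the discovery URL minus the well-known suffix,
    # otherwise ID tokens will fail the relying party's issuer check.
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end in " + WELL_KNOWN)
    elif doc.get("issuer", "").rstrip("/") != discovery_url[:-len(WELL_KNOWN)]:
        problems.append("issuer does not match discovery URL")
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlparse(doc[key]).scheme != "https":
            problems.append(f"{key} is not https")
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", ["RS256"]):
        problems.append("RS256 not listed for ID token signing")
    return problems

def advertised_email_claims(doc):
    """Which of the email-carrying claims the IdP says it can issue."""
    # claims_supported is optional in the spec, so an empty result is a
    # prompt to check the IdP's claim mapping, not proof of a problem.
    return [c for c in EMAIL_CLAIMS if c in doc.get("claims_supported", [])]

# Constructed sample documents (hypothetical IdP, not a real tenant).
BASE = "https://idp.example.com/tenant1"
URL = BASE + WELL_KNOWN
GOOD = {"issuer": BASE, "authorization_endpoint": BASE + "/authorize",
        "token_endpoint": BASE + "/token", "jwks_uri": BASE + "/keys",
        "response_types_supported": ["code"], "subject_types_supported": ["public"],
        "id_token_signing_alg_values_supported": ["RS256"],
        "claims_supported": ["sub", "email"]}
BAD = dict(GOOD, issuer="https://idp.example.com/other",
           jwks_uri="http://idp.example.com/tenant1/keys",
           claims_supported=["sub", "preferred_username", "upn"])
del BAD["token_endpoint"]

if __name__ == "__main__":
    print(check_discovery(URL, BAD), advertised_email_claims(BAD))
```

To check a real IdP, fetch its discovery URL with any HTTPS client, parse the JSON, and pass the URL and the resulting dict to `check_discovery`.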
Custom OIDC for SSO in Foxglove gives you a standardized, secure way to handle authentication across your robotics teams. By using your IdP, you can enforce security policies, centralize access control, and simplify login processes for your users. Once set up, the integration is seamless, and you can focus on building and scaling your robot systems without worrying about managing access.
Check out the full documentation to get started with configuring OIDC for your team.