OIDC & Restricting Access

DevGuard supports multiple authentication methods and OpenID Connect (OIDC) providers. You can configure which authentication methods are enabled and restrict access by disabling user registration.

Requirements

  • A self-hosted DevGuard installation (Kubernetes or Docker Compose)
  • Access to modify the Helm chart values.yaml or Docker Compose environment variables

Authentication Methods

Control which authentication methods are available to users. All methods are configured in the Helm chart values.yaml:

OpenID Connect (OIDC) Configuration

Enable OIDC

Configure OIDC providers in your values.yaml:

GitHub Provider

Configure GitHub as an OIDC provider:

Create the required secret:

GitLab Provider

Configure GitLab as an OIDC provider with optional integrations:

GitLab Secrets

Create the required secrets:

GitLab Auto-Setup Application

Configure an OAuth application for the automatic repository setup feature:

Create the auto-setup secret:

Restricting User Registration

To disable new user registration and restrict access to existing users or OIDC-authenticated users only, modify the Kratos configuration after deployment.

Disable Registration

Edit the kratos-config ConfigMap:

Locate the registration section under selfservice.flows and set enabled: false:

Restart the Kratos deployment for changes to take effect:

OIDC-Only Mode

To enforce OIDC authentication exclusively:

  1. Disable all other authentication methods:
  2. Enable OIDC with at least one provider:

Advanced Configuration

DevGuard uses Ory Kratos for identity and authentication management. For advanced configuration options and detailed guides on self-hosted deployments, refer to the Ory Kratos self-hosted documentation.
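
A check to run against the Kratos configuration after disabling registration and switching to OIDC-only mode, added here as an example and not part of the DevGuard documentation or code. The `selfservice` keys are Ory Kratos configuration keys; the list of methods to check, the sample configurations and the provider id are assumptions of this example, and a setting counts as disabled only when `enabled: false` is written explicitly.

```ruby
require 'yaml'

# Login-capable Kratos methods to check besides OIDC (this list is the example's assumption).
OTHER_LOGIN_METHODS = %w[password code webauthn passkey].freeze

# Returns findings for a Kratos config given as YAML text. An empty list means
# registration is off and OIDC is the only enabled login method.
def audit_kratos_config(yaml_text)
  cfg = YAML.safe_load(yaml_text) || {}
  selfservice = cfg['selfservice'] || {}
  methods = selfservice['methods'] || {}
  findings = []
  # Only an explicit `enabled: false` counts, so the result never depends on defaults.
  reg = selfservice.dig('flows', 'registration', 'enabled')
  findings << 'registration flow is not explicitly disabled' unless reg == false
  OTHER_LOGIN_METHODS.each do |name|
    findings << "#{name} login is not explicitly disabled" unless methods.dig(name, 'enabled') == false
  end
  oidc = methods['oidc'] || {}
  findings << 'oidc method is not enabled' unless oidc['enabled'] == true
  providers = oidc.dig('config', 'providers')
  findings << 'oidc has no providers configured' unless providers.is_a?(Array) && providers.any?
  findings
end

# Constructed sample: registration open, password login on, no OIDC.
SAMPLE_OPEN = <<~CFG
  selfservice:
    flows: { registration: { enabled: true } }
    methods: { password: { enabled: true } }
CFG

# Constructed sample: registration off, OIDC only. The provider id is a placeholder.
SAMPLE_OIDC_ONLY = <<~CFG
  selfservice:
    flows: { registration: { enabled: false } }
    methods:
      password: { enabled: false }
      code: { enabled: false }
      webauthn: { enabled: false }
      passkey: { enabled: false }
      oidc:
        enabled: true
        config: { providers: [{ id: example-provider, provider: generic }] }
CFG

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] && File.file?(ARGV[0]) ? File.read(ARGV[0]) : SAMPLE_OPEN
  audit_kratos_config(text).each { |finding| puts "FINDING: #{finding}" }
end
```

Pass the path of a file holding the configuration text from the kratos-config ConfigMap as the first argument; with no argument the script audits the constructed weak sample.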
