v0.62 Quick Fixes and Edits (#537)

Brandon Hopkins
2026-01-07 18:02:45 -08:00
committed by GitHub
parent de7571f552
commit b0d218484a
10 changed files with 100 additions and 88 deletions


@@ -4,9 +4,9 @@ import {Note} from "@/components/mdx";
[Authentik](https://goauthentik.io) is an open-source identity provider focused on flexibility and security. It serves as a self-hosted alternative to commercial solutions like Okta and Auth0, providing single sign-on (SSO), multi-factor authentication (MFA), access policies, user management, and support for SAML and OIDC protocols.
## Connector Setup (Recommended)
## Management Setup (Recommended)
Add Authentik as a connector to the embedded IdP. This is the simplest approach and recommended for most deployments.
Add Authentik as an external IdP directly in the NetBird Management Dashboard. This is the simplest approach and recommended for most deployments.
### Prerequisites
@@ -29,7 +29,7 @@ Add Authentik as a connector to the embedded IdP. This is the simplest approach
- **Authentication Flow**: `default-authentication-flow (Welcome to authentik!)`
- **Authorization Flow**: `default-provider-authorization-explicit-consent (Authorize Application)`
- **Client type**: `Confidential`
- **Redirect URIs/Origins**: Leave empty for now (you'll add this after creating the connector in NetBird)
- **Redirect URIs/Origins**: Leave empty for now (you'll add this after adding the identity provider in NetBird)
- **Signing Key**: Select any cert present, e.g., `authentik Self-signed Certificate`
6. Click **Finish**
@@ -49,7 +49,7 @@ Add Authentik as a connector to the embedded IdP. This is the simplest approach
<img src="/docs-static/img/selfhosted/identity-providers/self-hosted/authentik/authentik-new-application.png" alt="Create application" className="imagewrapper-big"/>
</p>
### Step 3: Add Connector in NetBird
### Step 3: Add Identity Provider in NetBird
1. Log in to your NetBird Dashboard
2. Navigate to **Settings** → **Identity Providers**
@@ -88,7 +88,7 @@ After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to
Use Authentik as your primary identity provider instead of NetBird's embedded IdP. This option gives you full control over authentication and user management, is recommended for experienced Authentik administrators as it also requires additional setup and ongoing maintenance.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Connector Setup (Recommended)](#connector-setup-recommended) section above.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Management Setup (Recommended)](#management-setup-recommended) section above.
<Note>
If you prefer not to self-host an Identity and Access Management solution, you could use a managed alternative like [Auth0](/selfhosted/identity-providers/managed/auth0).
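Review bot: The redirect-URL step on this page stays on the old flow: the hunk header context still reads "After saving, NetBird displays the **Redirect URL**" and no hunk in this file changes it, while the Auth0, Google, JumpCloud, Microsoft and Okta pages in this commit switch to "Don't click **Add Provider** yet, copy your Redirect URL for the next step." The PocketID and Zitadel hunk headers show the same "After saving" sentence. If the dashboard now shows the Redirect URL before the provider is added, update these pages too so every provider describes the same order of steps; if the flow really differs for them, say so in the commit message.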
@@ -101,7 +101,7 @@ If you prefer not to self-host an Identity and Access Management solution, you c
### Step 1: Create OAuth2/OpenID Provider
Follow steps 1-2 from the connector setup above, but configure the provider as follows:
Follow steps 1-2 from the Management Setup above, but configure the provider as follows:
- **Client type**: `Public`
- **Redirect URIs/Origins (RegEx)**:
@@ -119,7 +119,7 @@ Take note of **Client ID** for later use.
### Step 2: Create Application
Follow step 2 from the connector setup to create the NetBird application.
Follow step 2 from the Management Setup to create the NetBird application.
### Step 3: Create Service Account
@@ -220,7 +220,7 @@ You've configured all required resources in Authentik. Continue with the [NetBir
### "Invalid redirect URI" error
- Ensure the redirect URI exactly matches what NetBird provides
- For connector setup: Copy the exact URL from the success modal
- For Management Setup: Copy the exact URL from the success modal
- For standalone: Use regex pattern `https://<domain>/.*`
### Authentication fails silently


@@ -4,9 +4,9 @@ import {Note} from "@/components/mdx";
[Keycloak](https://www.keycloak.org/) is an open-source Identity and Access Management solution maintained by Red Hat. It provides single sign-on, social login, user federation, fine-grained authorization, and supports OpenID Connect, OAuth 2.0, and SAML 2.0 protocols.
## Connector Setup (Recommended)
## Management Setup (Recommended)
Add Keycloak as a connector to the embedded IdP. This is the simplest approach and recommended for most deployments.
Add Keycloak as an external IdP directly in the NetBird Management Dashboard. This is the simplest approach and recommended for most deployments.
### Prerequisites
@@ -30,7 +30,7 @@ Add Keycloak as a connector to the embedded IdP. This is the simplest approach a
9. Click **Save**
10. Go to the **Credentials** tab and copy the **Client secret**
### Step 2: Add Connector in NetBird
### Step 2: Add Identity Provider in NetBird
1. Log in to your NetBird Dashboard
2. Navigate to **Settings** → **Identity Providers**
@@ -73,7 +73,7 @@ Users who authenticate via Keycloak will appear in your NetBird Users list with
Use Keycloak as your primary identity provider instead of NetBird's embedded IdP. This option gives you full control over authentication and user management, is recommended for experienced Keycloak administrators as it also requires additional setup and ongoing maintenance.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Connector Setup (Recommended)](#connector-setup-recommended) section above.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Management Setup (Recommended)](#management-setup-recommended) section above.
<Note>
If you prefer not to self-host an Identity and Access Management solution, you could use a managed alternative like [Auth0](/selfhosted/identity-providers/managed/auth0).
@@ -301,7 +301,7 @@ You've configured all required resources in Keycloak. Continue with the [NetBird
### "Invalid redirect URI" error
- Ensure the redirect URI matches exactly what's configured
- For connector: Use the exact URL from the NetBird success modal
- For Management Setup: Use the exact URL from the NetBird success modal
- For standalone: Include both `https://YOUR_DOMAIN/*` and `http://localhost:53000`
### "Invalid token" errors
@@ -312,7 +312,7 @@ You've configured all required resources in Keycloak. Continue with the [NetBird
### Users not appearing in NetBird
- For connector: Users appear after their first successful login
- For Management Setup: Users appear after their first successful login
- For standalone: Verify the backend client has `view-users` role
---


@@ -4,9 +4,9 @@ import {Note} from "@/components/mdx";
[Auth0](https://auth0.com/) is a flexible, drop-in solution to add authentication and authorization services to your applications. It's a managed service that handles identity infrastructure so you don't have to.
## Connector Setup (Recommended)
## Management Setup (Recommended)
Add Auth0 as a connector to the embedded IdP. This is the simplest approach and recommended for most deployments.
Add Auth0 as an external IdP directly in the NetBird Management Dashboard. This is the simplest approach and recommended for most deployments.
### Prerequisites
@@ -26,7 +26,7 @@ Add Auth0 as a connector to the embedded IdP. This is the simplest approach and
7. Note the **Client ID** and **Client Secret**
8. Note the **Domain** (e.g., `your-tenant.auth0.com`)
### Step 2: Add Connector in NetBird
### Step 2: Add Identity Provider in NetBird
1. Log in to your NetBird Dashboard
2. Navigate to **Settings** → **Identity Providers**
@@ -41,23 +41,24 @@ Add Auth0 as a connector to the embedded IdP. This is the simplest approach and
| Client Secret | From Auth0 application |
| Issuer | `https://your-tenant.auth0.com` |
5. Click **Save**
5. Don't click **Add Provider** yet, copy your Redirect URL for the next step.
### Step 3: Configure Redirect URI
After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to your Auth0 application:
NetBird displays the **Redirect URL**. Copy this URL and add it to your Auth0 application:
1. Return to Auth0 Dashboard → **Applications** → **NetBird**
2. Go to **Settings** tab
3. Under **Allowed Callback URLs**, add the redirect URL from NetBird
4. Click **Save Changes**
5. Click **Add Provider** in NetBird
### Step 4: Test the Connection
1. Log out of NetBird Dashboard
2. On the login page, you should see an "Auth0" button
3. Click it and authenticate
4. You should be redirected back to NetBird and logged in
4. You should be redirected back to NetBird and logged in. Unless your user approval setting were changed you will need to log back into your local admin account to approve the user.
---
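Review bot: The sentence added to Step 4 item 4, "Unless your user approval setting were changed you will need to log back into your local admin account to approve the user", has a subject-verb mismatch and does not say where that setting lives. Suggest "Unless you have changed the user approval setting, log back in with your local admin account and approve the new user", with a link to the setting. The same sentence is added on the Google, JumpCloud, Microsoft and Okta pages. In Step 2 item 5, "Don't click **Add Provider** yet, copy your Redirect URL" is a comma splice, and with "After saving" removed from Step 3 the text no longer says when or where NetBird displays the URL; state where in the form it appears.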
@@ -65,7 +66,7 @@ After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to
Use Auth0 as your primary identity provider instead of NetBird's embedded IdP. This option gives you full control over authentication and user management, is recommended for experienced Auth0 administrators as it also requires additional setup and ongoing maintenance.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Connector Setup (Recommended)](#connector-setup-recommended) section above.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Management Setup (Recommended)](#management-setup-recommended) section above.
<Note>
If you prefer to have full control over authentication, consider self-hosted alternatives like [Keycloak](/selfhosted/identity-providers/keycloak).


@@ -4,9 +4,9 @@ import {Note} from "@/components/mdx";
Use Google accounts for authentication with NetBird. This supports both personal Google accounts and Google Workspace (formerly G Suite) organizations.
## Connector Setup (Recommended)
## Management Setup (Recommended)
Add Google as a connector to the embedded IdP. This is the simplest approach and recommended for most deployments.
Add Google as an external IdP directly in the NetBird Management Dashboard. This is the simplest approach and recommended for most deployments.
### Prerequisites
@@ -31,7 +31,7 @@ Add Google as a connector to the embedded IdP. This is the simplest approach and
7. Click **Create**
8. Note the **Client ID** and **Client Secret**
### Step 2: Add Connector in NetBird
### Step 2: Add Identity Provider in NetBird
1. Log in to your NetBird Dashboard
2. Navigate to **Settings** → **Identity Providers**
@@ -45,28 +45,24 @@ Add Google as a connector to the embedded IdP. This is the simplest approach and
| Client ID | From Google Cloud Console |
| Client Secret | From Google Cloud Console |
<Note>
Google connectors don't require an Issuer field—it's determined automatically.
</Note>
5. Click **Save**
5. Don't click **Add Provider** yet, copy your Redirect URL for the next step.
### Step 3: Configure Redirect URI
After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to your Google OAuth client:
NetBird displays the **Redirect URL**. Copy this URL and add it to your Google OAuth client:
1. Return to Google Cloud Console → **Credentials**
2. Click on your OAuth client
3. Under **Authorized redirect URIs**, click **Add URI**
4. Paste the redirect URL from NetBird
5. Click **Save**
5. Click **Add Provider**
### Step 4: Test the Connection
1. Log out of NetBird Dashboard
2. On the login page, you should see a "Google" button
3. Click it and sign in with your Google account
4. You should be redirected back to NetBird and logged in
4. You should be redirected back to NetBird and logged in. Unless your user approval setting were changed you will need to log back into your local admin account to approve the user.
### Restricting to Google Workspace Domains
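Review bot: In Step 3 the old item "5. Click **Save**" is replaced by "5. Click **Add Provider**" rather than followed by it, so the steps no longer tell the reader to save the new Authorized redirect URI in Google Cloud Console before returning to NetBird. The Auth0 and JumpCloud pages keep their save step as item 4 and add "Click **Add Provider** in NetBird" as item 5; do the same here, including the "in NetBird" qualifier. The hunk also drops the note that Google does not need an Issuer field while the Microsoft page gains an equivalent note; confirm the removal is intended.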
@@ -86,7 +82,7 @@ Domain restrictions are configured in Google Cloud Console, not in NetBird.
Use Google Workspace as your primary identity provider instead of NetBird's embedded IdP. This option gives you full control over authentication and user management, is recommended for experienced Google Workspace administrators as it also requires additional setup and ongoing maintenance.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Connector Setup (Recommended)](#connector-setup-recommended) section above.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Management Setup (Recommended)](#management-setup-recommended) section above.
<Note>
Beginning with NetBird version v0.23.6 and onwards, the Google Workspace IdP manager no longer requires the custom admin role called `User and Schema Management`. We now use a read-only role for user information.


@@ -4,9 +4,9 @@ import {Note} from "@/components/mdx";
[JumpCloud](https://jumpcloud.com/) is a cloud-based directory platform that provides identity, access, and device management. It offers single sign-on (SSO), multi-factor authentication (MFA), and centralized user management.
## Connector Setup (Recommended)
## Management Setup (Recommended)
Add JumpCloud as a connector to the embedded IdP. This is the simplest approach and recommended for most deployments.
Add JumpCloud as an external IdP directly in the NetBird Management Dashboard. This is the simplest approach and recommended for most deployments.
### Prerequisites
@@ -30,7 +30,7 @@ Add JumpCloud as a connector to the embedded IdP. This is the simplest approach
11. Click **Activate**
12. Note the **Client ID** and **Client Secret**
### Step 2: Add Connector in NetBird
### Step 2: Add Identity Provider in NetBird
1. Log in to your NetBird Dashboard
2. Navigate to **Settings** → **Identity Providers**
@@ -45,16 +45,17 @@ Add JumpCloud as a connector to the embedded IdP. This is the simplest approach
| Client Secret | From JumpCloud |
| Issuer | `https://oauth.id.jumpcloud.com` |
5. Click **Save**
5. Don't click **Add Provider** yet, copy your Redirect URL for the next step.
### Step 3: Configure Redirect URI
After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to your JumpCloud application:
NetBird displays the **Redirect URL**. Copy this URL and add it to your JumpCloud application:
1. Return to JumpCloud Admin → **SSO Applications** → **NetBird**
2. Click the **SSO** tab
3. Under **Redirect URIs**, add the redirect URL from NetBird
4. Click **Save**
5. Click **Add Provider** in NetBird
### Step 4: Assign User Groups
@@ -67,7 +68,7 @@ After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to
1. Log out of NetBird Dashboard
2. On the login page, you should see a "JumpCloud" button
3. Click it and authenticate with your JumpCloud credentials
4. You should be redirected back to NetBird and logged in
4. You should be redirected back to NetBird and logged in. Unless your user approval setting were changed you will need to log back into your local admin account to approve the user.
---
@@ -75,7 +76,7 @@ After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to
Use JumpCloud as your primary identity provider instead of NetBird's embedded IdP. This option gives you full control over authentication and user management, is recommended for experienced JumpCloud administrators as it also requires additional setup and ongoing maintenance.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Connector Setup (Recommended)](#connector-setup-recommended) section above.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Management Setup (Recommended)](#management-setup-recommended) section above.
### Prerequisites


@@ -4,30 +4,31 @@ import {Note} from "@/components/mdx";
Use Microsoft accounts for authentication with NetBird. This supports both personal Microsoft accounts and Microsoft Entra ID (formerly Azure AD) for work and school accounts.
## Connector Setup (Recommended)
## Management Setup (Recommended)
Add Microsoft as a connector to the embedded IdP. Choose the appropriate connector type based on your needs:
Add Microsoft as an external IdP directly in the NetBird Management Dashboard. Choose the appropriate identity provider type based on your needs:
| Connector Type | Use Case |
|---------------|----------|
| Identity Provider Type | Use Case |
|------------------------|----------|
| **Microsoft** (`microsoft`) | Personal Microsoft accounts |
| **Microsoft Entra ID** (`entra`) | Work/school accounts via Azure AD |
### Prerequisites
- NetBird self-hosted with embedded IdP enabled
- Access to [Azure Portal](https://portal.azure.com/) or [Entra Admin Center](https://entra.microsoft.com/)
- Access the [Entra Admin Center](https://entra.microsoft.com/)
### Step 1: Create App Registration
1. Navigate to [Azure Portal](https://portal.azure.com/) → **Azure Active Directory** (or [Entra Admin Center](https://entra.microsoft.com/))
1. Navigate to [Entra Admin Center](https://entra.microsoft.com/))
2. Click **App registrations** → **New registration**
3. Fill in:
- **Name**: `NetBird`
- **Supported account types**: Choose based on your needs:
- *Single tenant (your organization only)*: `Accounts in this organizational directory only (Default Directory only - Single tenant)`
- *Multi-tenant (any Entra ID organization)*: `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)`
- *Multi-tenant with personal accounts*: `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`
- *Personal accounts only*: `Personal Microsoft accounts only`
- *Work/school only*: `Accounts in this organizational directory only`
- *Both*: `Accounts in any organizational directory and personal Microsoft accounts`
- **Redirect URI**: Leave empty for now
4. Click **Register**
5. Note the **Application (client) ID** and **Directory (tenant) ID**
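Review bot: Under **Supported account types**, the two multitenant options are listed without saying what they permit: by their own labels they accept accounts from "Any Microsoft Entra ID tenant", so sign-in is no longer limited to your organization. Recommend the single-tenant option as the default for the `entra` type and state what gates access when a multitenant option is chosen. Also, item 1 of Step 1 ends with a stray closing parenthesis, "(https://entra.microsoft.com/))", and the prerequisite "Access the [Entra Admin Center]" now reads as an instruction; "Access to the Entra Admin Center" fits a prerequisites list.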
@@ -40,7 +41,7 @@ Add Microsoft as a connector to the embedded IdP. Choose the appropriate connect
4. Click **Add**
5. Copy the **Value** immediately (it won't be shown again)
### Step 3: Add Connector in NetBird
### Step 3: Add Identity Provider in NetBird
1. Log in to your NetBird Dashboard
2. Navigate to **Settings** → **Identity Providers**
@@ -66,24 +67,29 @@ Add Microsoft as a connector to the embedded IdP. Choose the appropriate connect
| Client Secret | Secret value from Azure |
| Tenant ID | Directory (tenant) ID from Azure |
5. Click **Save**
<Note>
Microsoft doesn't require an Issuer URL—it's determined automatically.
</Note>
5. Don't click **Add Provider** yet, copy your Redirect URL for the next step.
### Step 4: Configure Redirect URI
After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to your Azure app:
NetBird displays the **Redirect URL**. Copy this URL and add it to your Azure app:
1. Return to Azure Portal → Your app registration
2. Go to **Authentication**
3. Click **Add a platform** → **Single-page application**
3. Click **Add a platform** → **Web application**
4. Add the redirect URL from NetBird
5. Click **Configure**
6. Click **Add Provider** in NetBird
### Step 5: Test the Connection
1. Log out of NetBird Dashboard
2. On the login page, you should see the Microsoft button
3. Click it and sign in with your Microsoft account
4. You should be redirected back to NetBird and logged in
4. You should be redirected back to NetBird and logged in. Unless your user approval setting were changed you will need to log back into your local admin account to approve the user.
---
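Review bot: Step 4 item 1 still says "Return to Azure Portal" and the table above says "from Azure", although this commit removes Azure Portal from the prerequisites and from Step 1 in favour of the Entra Admin Center. Use one name throughout so readers are not sent to a console the page no longer introduces. Item 3 changes the platform from **Single-page application** to **Web application**; check the bold label against what the portal actually shows, and note that the Standalone section of this file still uses `Single-page application (SPA)` for its own redirect URI so the two setups are not confused.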
@@ -91,7 +97,7 @@ After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to
Use Microsoft Entra ID as your primary identity provider instead of NetBird's embedded IdP. This option gives you full control over authentication and user management, is recommended for experienced Microsoft Entra ID administrators as it also requires additional setup and ongoing maintenance.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Connector Setup (Recommended)](#connector-setup-recommended) section above.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Management Setup (Recommended)](#management-setup-recommended) section above.
<Note>
If you prefer to have full control over authentication, consider self-hosted alternatives like [Keycloak](/selfhosted/identity-providers/keycloak).
@@ -108,9 +114,10 @@ If you prefer to have full control over authentication, consider self-hosted alt
2. Click **App Registrations** → **+ New registration**
3. Fill in:
- **Name**: `Netbird`
- **Supported account types**: `Accounts in this organizational directory only (Single tenant)`
- **Supported account types**: `Accounts in this organizational directory only (Default Directory only - Single tenant)`
- **Redirect URI**: Select `Single-page application (SPA)` and enter `https://<yournetbirddomain.com>/silent-auth`
4. Click **Register**
5. After registration, note the **Application (client) ID** from the Overview page (you'll need this in Step 3)
<p>
<img src="/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-new-application.png" alt="New application" className="imagewrapper-big"/>
@@ -149,7 +156,7 @@ If you prefer to have full control over authentication, consider self-hosted alt
</p>
6. Under **Authorized client applications**, click **+ Add a client application**
7. Enter your **Client ID** (same as Application ID URI minus `api://`)
7. Enter your **Client ID** (the Application (client) ID you noted when creating the app registration in Step 1)
8. Click **Add application**
<p>


@@ -4,16 +4,16 @@ import {Note} from "@/components/mdx";
[Okta](https://www.okta.com/) is a cloud-based identity and access management service for enterprise use, providing single sign-on, multi-factor authentication, and lifecycle management.
## Connector Setup (Recommended)
## Management Setup (Recommended)
Add Okta as a connector to the embedded IdP. This is the simplest approach and recommended for most deployments.
Add Okta as an external IdP directly in the NetBird Management Dashboard. This is the simplest approach and recommended for most deployments.
### Prerequisites
- NetBird self-hosted with embedded IdP enabled
- Okta Workforce Identity Cloud account
### Step 1: Create OIDC Application in Okta
### Step 1: Start Creating OIDC Application in Okta
1. Navigate to Okta Admin Dashboard
2. Click **Applications** → **Applications**
@@ -25,13 +25,16 @@ Add Okta as a connector to the embedded IdP. This is the simplest approach and r
6. Fill in:
- **App integration name**: `NetBird`
- **Grant type**: `Authorization Code`
- Leave redirect URIs empty for now
7. Click **Save**
8. Note the **Client ID** and **Client Secret**
- Leave redirect URIs empty for now (you'll add this in Step 3)
7. Under **Assignments**, select an option for controlled access:
- **Allow everyone in your organization to access** (recommended for testing)
- **Limit access to selected groups** (for production)
- **Skip group assignment for now** (assign later)
8. **Don't click Save yet** — keep this tab open and proceed to Step 2
### Step 2: Add Connector in NetBird
### Step 2: Get Redirect URL from NetBird
1. Log in to your NetBird Dashboard
1. Open a new tab or window and log in to your NetBird Dashboard
2. Navigate to **Settings** → **Identity Providers**
3. Click **Add Identity Provider**
4. Fill in the fields:
@@ -40,27 +43,31 @@ Add Okta as a connector to the embedded IdP. This is the simplest approach and r
|-------|-------|
| Type | Okta |
| Name | Okta (or your preferred display name) |
| Client ID | From Okta application |
| Client Secret | From Okta application |
| Client ID | From Okta application (will fill after Step 3) |
| Client Secret | From Okta application (will fill after Step 3) |
| Issuer | Your Okta URL (e.g., `https://your-org.okta.com`) |
5. Click **Save**
5. **Copy the Redirect URL** that NetBird displays (but don't click **Add Provider** yet)
### Step 3: Configure Redirect URI
### Step 3: Complete Okta Application Setup
After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to your Okta application:
1. Return to the Okta tab
2. In the **Sign-in redirect URIs** field, paste the redirect URL you copied from NetBird
3. Click **Save**
4. Note the **Client ID** and **Client Secret** — you'll need these for Step 4
1. Return to Okta Admin → **Applications** → **NetBird**
2. Click **Edit** in the General Settings
3. Add the redirect URL from NetBird to **Sign-in redirect URIs**
4. Click **Save**
### Step 4: Complete NetBird Setup
1. Return to the NetBird tab
2. Fill in the **Client ID** and **Client Secret** from Step 3
3. Click **Add Provider**
### Step 4: Test the Connection
1. Log out of NetBird Dashboard
2. On the login page, you should see an "Okta" button
3. Click it and authenticate with your Okta credentials
4. You should be redirected back to NetBird and logged in
4. You should be redirected back to NetBird and logged in. Unless your user approval setting were changed you will need to log back into your local admin account to approve the user.
---
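Review bot: After this change there are two headings numbered Step 4: the new "### Step 4: Complete NetBird Setup" and the unchanged "### Step 4: Test the Connection". Renumber the test section to Step 5. Step 2 item 5 asks the reader to copy the Redirect URL while Client ID and Client Secret are still empty; confirm the dashboard shows the URL at that point, and say so in the step.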
@@ -68,7 +75,7 @@ After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to
Use Okta as your primary identity provider instead of NetBird's embedded IdP. This option gives you full control over authentication and user management, is recommended for experienced Okta administrators as it also requires additional setup and ongoing maintenance.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Connector Setup (Recommended)](#connector-setup-recommended) section above.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Management Setup (Recommended)](#management-setup-recommended) section above.
<Note>
If you prefer to have full control over authentication, consider self-hosted alternatives like [Keycloak](/selfhosted/identity-providers/keycloak).


@@ -8,9 +8,9 @@ import {Note} from "@/components/mdx";
PocketID is secure and effective but makes some tradeoffs in terms of features. Notably, it does not allow scoping the access of API Tokens. Keep careful track of the token used by NetBird for management.
</Note>
## Connector Setup (Recommended)
## Management Setup (Recommended)
Add PocketID as a connector to the embedded IdP. This is the simplest approach and recommended for most deployments.
Add PocketID as an external IdP directly in the NetBird Management Dashboard. This is the simplest approach and recommended for most deployments.
### Prerequisites
@@ -30,7 +30,7 @@ Add PocketID as a connector to the embedded IdP. This is the simplest approach a
6. Click **Save**
7. Note the **Client ID** and **Client Secret**
### Step 2: Add Connector in NetBird
### Step 2: Add Identity Provider in NetBird
1. Log in to your NetBird Dashboard
2. Navigate to **Settings** → **Identity Providers**
@@ -69,7 +69,7 @@ After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to
Use PocketID as your primary identity provider instead of NetBird's embedded IdP. This option gives you full control over authentication and user management, is recommended for experienced PocketID administrators as it also requires additional setup and ongoing maintenance.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Connector Setup (Recommended)](#connector-setup-recommended) section above.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Management Setup (Recommended)](#management-setup-recommended) section above.
### Prerequisites


@@ -5,12 +5,12 @@ import {Note} from "@/components/mdx";
[Zitadel](https://zitadel.com) is an open-source identity infrastructure platform designed for cloud-native environments. It provides multi-tenancy, customizable branding, passwordless authentication, and supports protocols like OpenID Connect, OAuth2, SAML2, and LDAP.
<Note>
Zitadel was previously used in the NetBird quickstart script. If you have an existing Zitadel deployment, you can continue using it as a standalone IdP or migrate to the embedded IdP with Zitadel as a connector.
Zitadel was previously used in the NetBird quickstart script. If you have an existing Zitadel deployment, you can continue using it as a standalone IdP or migrate to the embedded IdP with Zitadel as an external IdP directly in the NetBird Management Dashboard.
</Note>
## Connector Setup (Recommended)
## Management Setup (Recommended)
Add Zitadel as a connector to the embedded IdP. This is the simplest approach for new deployments or when migrating from the previous quickstart.
Add Zitadel as an external IdP directly in the NetBird Management Dashboard. This is the simplest approach for new deployments or when migrating from the previous quickstart.
### Prerequisites
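Review bot: The replacement in the Note produces "migrate to the embedded IdP with Zitadel as an external IdP directly in the NetBird Management Dashboard", which reads as if the migration itself happens in the dashboard and puts "embedded" and "external" side by side without explaining either. Suggest "or migrate to the embedded IdP and add Zitadel to it as an external IdP in the NetBird Management Dashboard". The same substitution makes the Option B heading and its item 2 later in this file say the same thing twice.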
@@ -33,7 +33,7 @@ Add Zitadel as a connector to the embedded IdP. This is the simplest approach fo
9. Go to **Token Settings** and enable **User Info inside ID Token**
10. Note the **Client ID** and generate a **Client Secret**
### Step 2: Add Connector in NetBird
### Step 2: Add Identity Provider in NetBird
1. Log in to your NetBird Dashboard
2. Navigate to **Settings** → **Identity Providers**
@@ -72,7 +72,7 @@ After saving, NetBird displays the **Redirect URL**. Copy this URL and add it to
Use Zitadel as your primary identity provider instead of NetBird's embedded IdP. This option gives you full control over authentication and user management, is recommended for experienced Zitadel administrators as it also requires additional setup and ongoing maintenance.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Connector Setup (Recommended)](#connector-setup-recommended) section above.
For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) is the simpler choice — it's built into NetBird, fully integrated, and requires minimal configuration to get started. For this implementation, go back up to the [Management Setup (Recommended)](#management-setup-recommended) section above.
<Note>
If you prefer not to self-host, Zitadel offers a managed cloud option at [zitadel.com](https://zitadel.com/).
@@ -241,9 +241,9 @@ If you deployed NetBird using the previous quickstart script with Zitadel:
**Option A - Keep using Zitadel standalone**: Continue with your existing setup. No changes needed.
**Option B - Add Zitadel as connector to embedded IdP**:
**Option B - Add Zitadel as external IdP directly in NetBird Management Dashboard**:
1. Deploy new NetBird version with embedded IdP
2. Add your existing Zitadel as a connector (follow connector setup above)
2. Add your existing Zitadel as an external IdP directly in the NetBird Management Dashboard (follow Management Setup above)
3. Users can continue logging in with Zitadel
4. Optionally create local user accounts as fallback


@@ -151,7 +151,7 @@ Pick the one that suits your needs, follow the **Standalone Setup (Advanced)** s
- [JumpCloud](/selfhosted/identity-providers/managed/jumpcloud) - Cloud directory
<Note>
Each provider page includes both "Connector Setup" (for use with embedded IdP) and "Standalone Setup (Advanced)" sections. For this guide, follow the **Standalone Setup** section.
Each provider page includes both "Management Setup (Recommended)" (for use with the embedded IdP) and "Standalone Setup (Advanced)" sections. For this guide, follow the **Standalone Setup (Advanced)** section.
</Note>
### Step 4: Disable single account mode (optional)
@@ -305,7 +305,7 @@ To upgrade NetBird to the latest version, you need to review the [release notes]
If you've deployed NetBird using this advanced guide and want to simplify your setup by migrating to the embedded IdP:
1. Your existing IdP can be added as a **connector** to the embedded IdP
1. Your existing IdP can be added as an embedded IdP directly in the NetBird Management Dashboard
2. Users can continue logging in with their existing credentials
3. You can gradually transition to local user management
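Review bot: Item 1 now says the existing IdP "can be added as an embedded IdP", which contradicts the rest of the commit, where every provider page says "as an external IdP directly in the NetBird Management Dashboard". The embedded IdP is the one built into NetBird; the existing provider is the external one. Change "embedded" to "external" in this line.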