Plan: Plane One, Plane ProPlane One enables custom SSO via any identity provider with an official and supported implementation of OIDC standards. This page cites examples from Okta, but we will soon publish provider-specific instructions in phases.
domain.tld
is the domain that you have hosted your Plane app on.Config | Key |
---|---|
Origin URL | http(s)://domain.tld/auth/oidc/ |
Callback URL | http(s)://domain.tld/auth/oidc/callback/ |
Logout URL | http(s)://domain.tld/auth/oidc/logout/ |
/god-mode/authentication/oidc
on your Plane app and find the configs ↓.
CLIENT_ID
for the Plane client or app you just created over from your IdP and paste it in the field for it.
With providers like Keycloak, you have to choose a unique ID per app your configure. With providers like Okta and Auth0, you copy over the generated ID over to Plane. Typically, you will find it on the Plane application Home or Settings page on your IdP.
CLIENT_SECRET
for the Plane client or app you created over from your IdP and paste it in the field for it.
The secret is usually auto-generated and you just need to copy it over from the Plane app or client’s Home or Settings page.
TOKEN URL
from your IdP and paste it into the field for it on /god-mode/authentication/oidc/
..well-known/
directory for the Plane app or client on your IdP.
User info URL
from your IdP and paste it into the field for it on /god-mode/authentication/oidc/
.
Used to get an authenticating user’s email
, first_name
and the last_name
values from the IdP, this too can be copied over from the .well-known/
directory.
Authorize URL
over from the .well-known/
directory and paste it into the field for it on Plane’s /god-mode/authentication/oidc/
.Sign up with <name of IDP>
or Login with <name of IdP>
.
Login with <name of your IdP>
button brings up your IdP’s authentication screen.