For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
GitHub
DocumentationREST API Reference
DocumentationREST API Reference
    • Home
  • Overview
    • What is NICo?
    • Key Capabilities
    • Operational Principles
    • Day 0 / Day 1 / Day 2 Lifecycle
    • Scope and Boundaries
  • Getting Started
    • Building NICo Containers
    • Quick Start Guide
  • Architecture
    • Overview and Components
    • Reliable State Handling
    • Networking Integrations
    • Key Group Synchronization
  • Provisioning (Day 0)
    • Ingesting Hosts
    • Ingesting Hosts (REST API)
    • Machine Validation
    • SKU Validation
    • Measured Boot Attestation
  • Configuration (Day 1)
    • Network Isolation
    • Tenant Management
    • Organization & Permissions
  • Operations (Day 2)
    • Tenant Lifecycle Cleanup
    • Network Isolation
    • Network Security Groups
    • InfiniBand Partitioning
    • NVLink Partitioning
    • Rack-Level Administration (RLA)
    • IP Resource Pools
    • BGP Peering
    • nicocli Reference
      • Azure OIDC for Infra Controller Web UI
      • Force Deleting and Rebuilding Hosts
      • Rebooting a Machine
      • InfiniBand Setup
  • Reference
    • Hardware Compatibility List
    • Release Notes
    • FAQs
    • Glossary
GitHub
NVIDIANVIDIA
Developer-friendly docs for your API
Privacy Policy | Your Privacy Choices | Terms of Service | Accessibility | Corporate Policies | Product Security | Contact

Copyright © 2026, NVIDIA Corporation.

LogoLogo
On this page
  • NICo Web
  • Alternative Auth Flow
Operations (Day 2)Playbooks

Azure Setup

||View as Markdown|
Previous

Traces

Next

Force Deleting and Rebuilding Hosts

For managing client secrets and redirect URIs registered in the Entra portal.

NICo Web

The oauth2 in nico-web has defaults for most settings:

ENVDESCRIPTION
NICO_WEB_ALLOWED_ACCESS_GROUPSThe list of DL groups allowed to access nico-web
NICO_WEB_ALLOWED_ACCESS_GROUPS_ID_LISTThe list of UUIDs in Azure that correspond to the DL groups allowed to access nico-web
NICO_WEB_OAUTH2_CLIENT_IDThe app ID of nico-web in Azure/Entra
NICO_WEB_OAUTH2_TOKEN_ENDPOINTThe URI for our tenant ID
NICO_WEB_OAUTH2_CLIENT_SECRETA secret used to talk to MS entra/graph.
NICO_WEB_PRIVATE_COOKIEJAR_KEYA secret used for encrypting the cookie values used for sessions.
NICO_WEB_HOSTNAMEA hostname specific for each site that’s needed for redirects. The value must match what’s set in the Azure/Entra portal for the URL of the nico-api web interface

Alternative Auth Flow

Some teams use gitlab automation to pull data from the Web UI.

To provide access using the alternative auth flow, perform the following steps:

  • Create a new secret for the team/process
  • Securely provide the team the new secret

The automated process will then be able to fetch an encrypted cookie that will grant access for 10 minutes.

Example:

curl --cookie-jar /tmp/cjar --cookie /tmp/cjar --header 'client_secret: ...' 'https://<the_web_ui_address>/admin/auth-callback'
curl --cookie /tmp/cjar 'https://<the_web_ui_address>/admin/managed-host.json'