> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.nvidia.com/nemo-platform/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.nvidia.com/nemo-platform/_mcp/server.

# Generic OIDC Provider

A checklist for connecting NeMo Platform to any OIDC-compliant identity provider not covered by the [Azure AD](/documentation/access-control/authentication/providers/azure-ad-entra-id) page.

**Prerequisites**: Familiarity with [OIDC Setup](/documentation/access-control/authentication/oidc-setup).

## Provider Checklist

Verify your IdP meets these requirements:

* [ ] Supports **OpenID Connect** (not just OAuth2)
* [ ] Exposes a `.well-known/openid-configuration` discovery document
* [ ] Supports the **device authorization grant** (required for `nemo auth login`)
* [ ] Allows creating **custom API scopes** (`platform:read`, `platform:write`)
* [ ] Includes **email** (or equivalent claim) in access tokens
* [ ] Supports **JWKS** for token signature validation

## Configuration Template

```yaml
auth:
 enabled: true
 oidc:
 enabled: true
 issuer: "<your-idp-issuer-url>"
 client_id: "<your-client-id>"
 # Uncomment and adjust if your IdP uses non-standard claim names:
 # email_claim: "email"
 # subject_claim: "sub"
 # groups_claim: "groups"
 # Uncomment if your IdP prefixes scopes:
 # scope_prefix: "<prefix>/"
 default_scopes: "openid profile email offline_access platform:read platform:write"
```

## Claim Mapping Reference

| IdP              | Email Claim | Subject Claim | Groups Claim |
| ---------------- | ----------- | ------------- | ------------ |
| Azure AD         | `upn`       | `oid`         | `groups`     |
| Okta             | `email`     | `sub`         | `groups`     |
| Keycloak         | `email`     | `sub`         | `groups`     |
| Auth0            | `email`     | `sub`         | custom       |
| Google Workspace | `email`     | `sub`         | N/A          |
| Generic OIDC     | `email`     | `sub`         | `groups`     |

## Related

* [OIDC Setup](/documentation/access-control/authentication/oidc-setup) — Full OIDC configuration guide.
* [OIDC Setup — Claim mapping](/documentation/access-control/authentication/oidc-setup#claim-mapping) — JWT claims vs config defaults.
* [Auth Configuration](/documentation/access-control/deployment/configuration) — Full config reference.