Custom OIDC

The Custom OIDC connector provides a generic OpenID Connect integration for any OIDC-compliant identity provider — giving you flexibility to connect providers that don’t have a dedicated connector in the Orchestrator.

Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.

Overview

The Custom OIDC connector uses type: oidc and supports standard OpenID Connect discovery, authorization code flow, and token validation. It works with any identity provider that publishes an OIDC discovery document — making it suitable for non-standard providers, development/testing identity servers, and custom-built identity systems.

Use Cases

Non-standard OIDC providers — Connect identity providers that aren’t covered by the dedicated connectors (Azure AD, Okta, etc.)
Development and testing IdPs — Integrate with local identity servers like Keycloak, Dex, or mock OIDC providers during development
Custom-built identity systems — Connect to in-house identity services that implement the OIDC specification

Configuration

Console UI
Configuration

Console UI documentation is coming soon. This section will walk you through configuring this component using the Maverics Console’s visual interface, including step-by-step screenshots and field descriptions.

Custom OIDC configuration screen in Maverics Console

connectors:
  - name: my-idp
    type: oidc
    oidcWellKnownURL: "https://idp.example.com/.well-known/openid-configuration"
    oauthClientID: "{{ env.OIDC_CLIENT_ID }}"
    oauthClientSecret: <vault.oidc_client_secret>
    oauthRedirectURL: "https://app.example.com/oidc/callback"
    scopes: "openid profile email"

Configuration Reference

Key	Type	Required	Description
`name`	string	Yes	Unique connector identifier referenced in app policies
`type`	string	Yes	Must be `oidc`
`oidcWellKnownURL`	string	Yes	OIDC discovery endpoint URL
`oauthClientID`	string	Yes	OAuth 2.0 client ID from the identity provider
`oauthClientSecret`	string	Yes	OAuth 2.0 client secret (use secret reference syntax)
`oauthRedirectURL`	string	Yes	Callback URL registered with the identity provider
`scopes`	string	No	Space-separated OAuth scopes (default: `openid profile email`)
`oauthExtraParams`	map	No	Additional query parameters for the authorization request
`tls`	string	No	Named TLS profile for provider communication

For the complete field reference including health checks, offline access, and PKCE settings, see Identity Fabric.

Troubleshooting

Verify the oidcWellKnownURL is accessible from the Orchestrator host — confirm the provider’s discovery document returns valid JSON
Ensure the oauthRedirectURL matches exactly what is registered in the identity provider
Check that the client secret reference resolves correctly via your secret provider

Identity Fabric

Overview of all identity providers

Custom SAML

Generic SAML 2.0 connector

Azure AD

OIDC connector for Microsoft Entra ID

Okta

OIDC connector for Okta

Console Administration

Orchestration

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Identity Fabric

Custom SAML

Azure AD

Okta

Console Administration

Orchestration

​Overview

​Use Cases

​Configuration

​Configuration Reference

​Troubleshooting

​Related Pages

Identity Fabric

Custom SAML

Azure AD

Okta

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Related Pages