Authentication Overview
Concourse supports three authentication methods. They can be used simultaneously.
%3btext-align:center%3b%7d%23mermaid-0 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-0 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-0 .cluster text%7bfill:%23333%3b%7d%23mermaid-0 .cluster span%7bcolor:%23333%3b%7d%23mermaid-0 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-0 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-0 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-0 .icon-shape%2c%23mermaid-0 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-0 .icon-shape p%2c%23mermaid-0 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-0 .icon-shape .label rect%2c%23mermaid-0 .image-shape .label rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .label-icon%7bdisplay:inline-block%3bheight:1em%3boverflow:visible%3bvertical-align:-0.125em%3b%7d%23mermaid-0 .node .label-icon path%7bfill:currentColor%3bstroke:revert%3bstroke-width:revert%3b%7d%23mermaid-0 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker id='mermaid-0_flowchart-v2-pointEnd' class='marker flowchart-v2' viewBox='0 0 10 10' refX='5' refY='5' markerUnits='userSpaceOnUse' markerWidth='8' markerHeight='8' orient='auto'%3e%3cpath d='M 0 0 L 10 5 L 0 10 z' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-pointStart' class='marker flowchart-v2' viewBox='0 0 10 10' refX='4.5' refY='5' markerUnits='userSpaceOnUse' markerWidth='8' markerHeight='8' orient='auto'%3e%3cpath d='M 0 5 L 10 10 L 10 0 z' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-circleEnd' class='marker flowchart-v2' viewBox='0 0 10 10' refX='11' refY='5' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3ccircle cx='5' cy='5' r='5' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-circleStart' class='marker flowchart-v2' viewBox='0 0 10 10' refX='-1' refY='5' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3ccircle cx='5' cy='5' r='5' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-crossEnd' class='marker cross flowchart-v2' viewBox='0 0 11 11' refX='12' refY='5.2' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3cpath d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9' class='arrowMarkerPath' style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-crossStart' class='marker cross flowchart-v2' viewBox='0 0 11 11' refX='-1' refY='5.2' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3cpath d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9' class='arrowMarkerPath' style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'/%3e%3cg class='edgePaths'%3e%3cpath d='M416.703%2c62L416.703%2c66.167C416.703%2c70.333%2c416.703%2c78.667%2c416.703%2c86.333C416.703%2c94%2c416.703%2c101%2c416.703%2c104.5L416.703%2c108' id='L_Client_Choice_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_Client_Choice_0' data-points='W3sieCI6NDE2LjcwMzEyNSwieSI6NjJ9LHsieCI6NDE2LjcwMzEyNSwieSI6ODd9LHsieCI6NDE2LjcwMzEyNSwieSI6MTEyfV0=' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M363.94%2c203.971L323.675%2c218.932C283.411%2c233.892%2c202.881%2c263.813%2c162.616%2c286.274C122.352%2c308.734%2c122.352%2c323.734%2c122.352%2c331.234L122.352%2c338.734' id='L_Choice_PW_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_Choice_PW_0' data-points='W3sieCI6MzYzLjk0MDE2ODgyMjMyNTYzLCJ5IjoyMDMuOTcxNDE4ODIyMzI1NjN9LHsieCI6MTIyLjM1MTU2MjUsInkiOjI5My43MzQzNzV9LHsieCI6MTIyLjM1MTU2MjUsInkiOjM0Mi43MzQzNzV9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M416.703%2c256.734L416.703%2c262.901C416.703%2c269.068%2c416.703%2c281.401%2c416.703%2c293.068C416.703%2c304.734%2c416.703%2c315.734%2c416.703%2c321.234L416.703%2c326.734' id='L_Choice_OIDC_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_Choice_OIDC_0' data-points='W3sieCI6NDE2LjcwMzEyNSwieSI6MjU2LjczNDM3NX0seyJ4Ijo0MTYuNzAzMTI1LCJ5IjoyOTMuNzM0Mzc1fSx7IngiOjQxNi43MDMxMjUsInkiOjMzMC43MzQzNzV9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M469.743%2c203.695L510.925%2c218.701C552.107%2c233.708%2c634.472%2c263.721%2c675.654%2c286.228C716.836%2c308.734%2c716.836%2c323.734%2c716.836%2c331.234L716.836%2c338.734' id='L_Choice_SAML_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_Choice_SAML_0' data-points='W3sieCI6NDY5Ljc0Mjg1MDMxNjQ1ODcsInkiOjIwMy42OTQ2NDk2ODM1NDEzfSx7IngiOjcxNi44MzU5Mzc1LCJ5IjoyOTMuNzM0Mzc1fSx7IngiOjcxNi44MzU5Mzc1LCJ5IjozNDIuNzM0Mzc1fV0=' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M122.352%2c396.734L122.352%2c402.901C122.352%2c409.068%2c122.352%2c421.401%2c159.134%2c434.066C195.916%2c446.73%2c269.481%2c459.726%2c306.263%2c466.224L343.045%2c472.722' id='L_PW_JWT_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_PW_JWT_0' data-points='W3sieCI6MTIyLjM1MTU2MjUsInkiOjM5Ni43MzQzNzV9LHsieCI6MTIyLjM1MTU2MjUsInkiOjQzMy43MzQzNzV9LHsieCI6MzQ2Ljk4NDM3NSwieSI6NDczLjQxNzg5NTQ1MDE0Mn1d' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M416.703%2c408.734L416.703%2c412.901C416.703%2c417.068%2c416.703%2c425.401%2c416.703%2c433.068C416.703%2c440.734%2c416.703%2c447.734%2c416.703%2c451.234L416.703%2c454.734' id='L_OIDC_JWT_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_OIDC_JWT_0' data-points='W3sieCI6NDE2LjcwMzEyNSwieSI6NDA4LjczNDM3NX0seyJ4Ijo0MTYuNzAzMTI1LCJ5Ijo0MzMuNzM0Mzc1fSx7IngiOjQxNi43MDMxMjUsInkiOjQ1OC43MzQzNzV9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M716.836%2c396.734L716.836%2c402.901C716.836%2c409.068%2c716.836%2c421.401%2c679.09%2c434.107C641.345%2c446.814%2c565.854%2c459.893%2c528.109%2c466.433L490.363%2c472.972' id='L_SAML_JWT_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_SAML_JWT_0' data-points='W3sieCI6NzE2LjgzNTkzNzUsInkiOjM5Ni43MzQzNzV9LHsieCI6NzE2LjgzNTkzNzUsInkiOjQzMy43MzQzNzV9LHsieCI6NDg2LjQyMTg3NSwieSI6NDczLjY1NTEzOTI0NDk5NTd9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3c/g%3e%3cg class='edgeLabels'%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_Client_Choice_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel' transform='translate(122.3515625%2c 293.734375)'%3e%3cg class='label' data-id='L_Choice_PW_0' transform='translate(-35.125%2c -12)'%3e%3cforeignObject width='70.25' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3cp%3ePassword%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel' transform='translate(416.703125%2c 293.734375)'%3e%3cg class='label' data-id='L_Choice_OIDC_0' transform='translate(-20%2c -12)'%3e%3cforeignObject width='40' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3cp%3eOIDC%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel' transform='translate(716.8359375%2c 293.734375)'%3e%3cg class='label' data-id='L_Choice_SAML_0' transform='translate(-21.7890625%2c -12)'%3e%3cforeignObject width='43.578125' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3cp%3eSAML%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_PW_JWT_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_OIDC_JWT_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_SAML_JWT_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='nodes'%3e%3cg class='node default' id='flowchart-Client-0' transform='translate(416.703125%2c 35)'%3e%3crect class='basic label-container' style='' x='-72.2578125' y='-27' width='144.515625' height='54'/%3e%3cg class='label' style='' transform='translate(-42.2578125%2c -12)'%3e%3crect/%3e%3cforeignObject width='84.515625' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3einboard app%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-Choice-1' transform='translate(416.703125%2c 184.3671875)'%3e%3cpolygon points='72.3671875%2c0 144.734375%2c-72.3671875 72.3671875%2c-144.734375 0%2c-72.3671875' class='label-container' transform='translate(-71.8671875%2c 72.3671875)'/%3e%3cg class='label' style='' transform='translate(-45.3671875%2c -12)'%3e%3crect/%3e%3cforeignObject width='90.734375' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eAuth Method%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-PW-3' transform='translate(122.3515625%2c 369.734375)'%3e%3crect class='basic label-container' style='' x='-114.3515625' y='-27' width='228.703125' height='54'/%3e%3cg class='label' style='' transform='translate(-84.3515625%2c -12)'%3e%3crect/%3e%3cforeignObject width='168.703125' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3ePOST /api/v1/auth/login%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-OIDC-5' transform='translate(416.703125%2c 369.734375)'%3e%3crect class='basic label-container' style='' x='-130' y='-39' width='260' height='78'/%3e%3cg class='label' style='' transform='translate(-100%2c -24)'%3e%3crect/%3e%3cforeignObject width='200' height='48'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eRedirect to IdP%2c then callback%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-SAML-7' transform='translate(716.8359375%2c 369.734375)'%3e%3crect class='basic label-container' style='' x='-120.1328125' y='-27' width='240.265625' height='54'/%3e%3cg class='label' style='' transform='translate(-90.1328125%2c -12)'%3e%3crect/%3e%3cforeignObject width='180.265625' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eRedirect to IdP%2c then ACS%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-JWT-9' transform='translate(416.703125%2c 485.734375)'%3e%3crect class='basic label-container' style='' x='-69.71875' y='-27' width='139.4375' height='54'/%3e%3cg class='label' style='' transform='translate(-39.71875%2c -12)'%3e%3crect/%3e%3cforeignObject width='79.4375' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eJWT Token%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Methods
Section titled “Methods”| Method | Use case | Configuration |
|---|---|---|
| Password | Default. Simple setup. | Enabled by default. |
| OIDC | Google, Okta, Azure AD, Auth0, or any OIDC-compliant provider. | Set auth.oidc.enabled: true and provider details. |
| SAML | Enterprise SSO with SAML 2.0 (Okta, Azure AD, OneLogin, PingFederate). | Set auth.saml.enabled: true and IdP metadata. |
All methods issue a JWT token on successful authentication. The inboard app includes this token in subsequent API requests as Authorization: Bearer <token>.
Bootstrap admin
Section titled “Bootstrap admin”On first startup, Concourse creates an admin user from the CONCOURSE_ADMIN_EMAIL and CONCOURSE_ADMIN_PASSWORD environment variables. This user can log in with password auth and has full administrative access.
docker run -d --name concourse \ -p 8080:8080 \ -v concourse-data:/data \ -e CONCOURSE_JWT_SECRET=your-secret-at-least-32-bytes-long \ -e CONCOURSE_ADMIN_EMAIL=admin@example.com \ -e CONCOURSE_ADMIN_PASSWORD=changeme \ ghcr.io/inboard-ai/concourse:latestAfter initial setup, change the admin password through the admin panel or the API.
User roles
Section titled “User roles”| Role | Description |
|---|---|
admin | Full access. Can manage users, relays, agents, and all resources. |
member | Standard access. Can use workspaces, boards, and connections. |
Users created via SSO (OIDC or SAML) are auto-provisioned with the member role. Admins can promote users afterward.
Attribute mapping
Section titled “Attribute mapping”See Attribute Mapping for how Concourse extracts user information from SSO assertions.