User ManualPodWarden
Login
Authentication screen with OIDC single sign-on and local login
What you see
URL: /auth/signin
The sign-in page is the entry point to PodWarden. Depending on how your instance is configured, you will see one of three authentication flows:
- Temporary admin -- If enabled during initial setup, a single admin account is available with pre-set credentials. This flow is intended for first-time configuration only.
- OIDC + local fallback -- An SSO button for your identity provider (Keycloak, Google, GitHub, etc.) plus a local email/password form for accounts that do not use SSO.
- Local-only -- When OIDC is not configured, only the email/password form is shown.
Fields
| Field | Description |
|---|---|
| Email / Username | Your local account email address or username |
| Password | Your local account password |
| SSO button | Redirects to the configured OIDC provider for single sign-on |
Available actions
| Action | What it does |
|---|---|
| Sign in | Authenticates with the email/password credentials entered in the form |
| Sign in with SSO | Redirects to the OIDC provider (e.g. Keycloak). After successful authentication there, you are redirected back to PodWarden with an active session |
How authentication works
- OIDC flow -- PodWarden redirects to the configured issuer URL. The identity provider handles login (including MFA if configured) and returns a JWT. PodWarden validates the token and creates a session.
- Local flow -- PodWarden checks the email/password against the local user database. Passwords are hashed with bcrypt.
- Temporary admin -- A bootstrap account that should be disabled after creating proper user accounts.
After successful authentication, you are redirected to the Dashboard.
Related docs
- Settings -- System -- Configure OIDC provider settings
- Settings -- Users -- Manage local user accounts
- Getting Started -- Initial setup walkthrough