For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
13.5kProductPricingSign inStart free trialBook a demo
DocsAPIsSDKsEnterprise EdgeGuidesAcademyRelease notes
DocsAPIsSDKsEnterprise EdgeGuidesAcademyRelease notes
    • API overview
  • Client API
  • Frontend API
  • Admin API
      • GETGets available permissions
      • POSTLog in
      • GETGet SAML auth settings
      • POSTUpdate SAML auth settings
      • GETGet OIDC auth settings
      • POSTSet OIDC settings
      • GETGet Simple auth settings
      • POSTUpdate Simple auth settings
      • GETReturns the list of permissions for the service account.
      • GETGets access overview
      • GETGet SCIM settings.
      • POSTSet SCIM settings.
      • POSTGenerates a new SCIM API token.
      • GETValidates a token
      • POSTChanges a user password
      • POSTValidates password
      • POSTReset password

Unleash reduces the risk of releasing new features, drives innovation by streamlining the software release process, and increases revenue by optimizing end-user experience. While we serve the needs of the world's largest, most security-conscious organizations, we are also rated the “Easiest Feature Management system to use” by G2.

GitHubGitHubLinkedInLinkedInX (Twitter)X (Twitter)SlackSlackStack OverflowStack OverflowYouTubeYouTube

Server SDKs

  • Node.js
  • Java
  • Go
  • Rust
  • Ruby
  • Python
  • .NET
  • PHP
  • All SDKs

Frontend SDKs

  • JavaScript
  • React
  • Next.js
  • Vue
  • iOS
  • Android
  • Flutter

Feature Flag use cases

  • Secure, scalable feature flags
  • Rollbacks
  • FedRAMP, SOC2, ISO2700 compliance
  • Progressive or gradual rollouts
  • Trunk-based development
  • Software kill switches
  • A/B testing
  • Feature management
  • Canary releases

Product

  • Quickstart
  • Unleash architecture
  • Pricing
  • Product vision
  • Open live demo
  • Open source
  • Enterprise feature management platform
  • Unleash vs LaunchDarkly

Support

  • Help center
  • Status
  • Changelog
Made in a cosy atmosphere in the Nordic countries.Copyright © 2026 Unleash
LogoLogo
13.5kProductPricingSign inStart free trialBook a demo
Admin APIAuth

Set OIDC settings

||View as Markdown|
POST
https://app.unleash-instance.example.com/api/admin/auth/oidc/settings
POST
/api/admin/auth/oidc/settings
$curl -X POST https://app.unleash-instance.example.com/api/admin/auth/oidc/settings \
>     -H "Authorization: <apiKey>" \
>     -H "Content-Type: application/json" \
>     -d '{
>  "enabled": true,
>  "clientId": "FB87266D-CDDB-4BCF-BB1F-8392FD0EDC1B",
>  "secret": "qjcVfeFjEfoYAF3AEsX2IMUWYuUzAbXO"
>}'
1{
2  "enabled": true,
3  "discoverUrl": "https://myoidchost.azure.com/.well-known/openid-configuration",
4  "clientId": "FB87266D-CDDB-4BCF-BB1F-8392FD0EDC1B",
5  "secret": "qjcVfeFjEfoYAF3AEsX2IMUWYuUzAbXO",
6  "autoCreate": true,
7  "enableSingleSignOut": true,
8  "defaultRootRole": "Viewer",
9  "defaultRootRoleId": 2,
10  "emailDomains": "getunleash.io,getunleash.ai",
11  "acrValues": "urn:okta:loa:2fa:any phr",
12  "idTokenSigningAlgorithm": "RS256",
13  "enableGroupSyncing": false,
14  "groupJsonPath": "groups",
15  "addGroupsScope": false,
16  "enablePkce": false,
17  "extraScopes": "custom_scope1 custom_scope2"
18}

Enterprise feature

Configure OpenID Connect as a login provider for Unleash.

Was this page helpful?
Previous

Get Simple auth settings

Next
Built with

Authentication

Authorizationstring
API key needed to access this API
OR
AuthorizationBearer
API key needed to access this API, in Bearer token format

Request

oidcSettingsSchema
objectRequired
OR
objectRequired

Response

oidcSettingsResponseSchema
enabledboolean
Whether to enable or disable OpenID Connect for this instance
discoverUrlstringformat: "uri"

The .well-known OpenID discover URL

clientIdstring
The OIDC client ID of this application.
secretstring
Shared secret from OpenID server. Used to authenticate login requests
autoCreateboolean
Auto create users based on email addresses from login tokens
enableSingleSignOutboolean

Support Single sign out when user clicks logout in Unleash. If true user is signed out of all OpenID Connect sessions against the clientId they may have active

defaultRootRoleenum

Default role granted to users auto-created from email. Only relevant if autoCreate is true

Allowed values:
defaultRootRoleIddouble

Assign this root role to auto created users. Should be a role ID and takes precedence over defaultRootRole.

emailDomainsstring

Comma separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is true

acrValuesstring

Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space separated. Consult the OIDC reference for more information

idTokenSigningAlgorithmenum

The signing algorithm used to sign our token. Refer to the JWT signatures documentation for more information.

Allowed values:
enableGroupSyncingboolean

Should we enable group syncing. Refer to the documentation Group syncing

groupJsonPathstring
Specifies the path in the OIDC token response to read which groups the user belongs to from.
addGroupsScopeboolean
When enabled Unleash will also request the 'groups' scope as part of the login request.
enablePkceboolean

Enable PKCE (Proof Key for Code Exchange) for enhanced security. Recommended for public clients and provides additional protection against authorization code interception attacks.

extraScopesstring

Space-separated list of additional scopes to request during login, beyond the default openid email profile and groups if group syncing is enabled.

Errors

400
Bad Request Error
401
Unauthorized Error
403
Forbidden Error
415
Unsupported Media Type Error