By default, your Coder instance uses CodeWire SSO — users sign in through CodeWire and are automatically authenticated with Coder. You can override this with a custom OAuth/OIDC provider.
Default: CodeWire SSO
With the default setup:
- Users sign in to CodeWire with email/password
- CodeWire issues tokens that Coder accepts automatically
- No additional configuration needed
This is recommended for most teams.
Custom OAuth provider
If your organization uses an identity provider like Okta, Auth0, Azure AD, or another OIDC-compatible service, you can configure it as the login provider for your Coder instance.
- Go to your resource Settings
- Scroll to Advanced Settings → Login Provider Override
- Select Custom OAuth
- Enter:
- Issuer URL — your OIDC provider’s issuer URL (e.g.,
https://your-org.okta.com)
- Client ID — the OAuth client ID from your provider
- Client Secret — the OAuth client secret from your provider
- Click Save
- Click Sync Configuration to apply the changes
After saving, you must click Sync Configuration in Advanced Settings for the change to take effect. This re-provisions your resource with the new login settings.
Switching back to CodeWire SSO
- Go to Advanced Settings → Login Provider Override
- Select CodeWire SSO (default)
- Click Save
- Click Sync Configuration
Important notes
- The sync process takes 1–2 minutes while your resource is re-provisioned
- Existing Coder sessions may be invalidated when switching providers
- Make sure your OIDC provider is configured to allow redirects to your resource domain
