Features / Auth

Bring your IdP.

Nightshift speaks OIDC end to end. The default install ships OpenBao so you can sign in the moment the chart deploys. When you're ready, point the API at Okta, Auth0, Keycloak, Google Workspace, Microsoft Entra, or any standard OIDC provider. No application code changes.

Demo coming soon

Standard OIDC, no custom protocols.

Login is OIDC authorization code flow. The Nightshift API trusts whichever issuer you configure; users are authenticated against your existing IdP and tokens are validated on every request. Group claims map directly to the same scope system that gates artifacts, agents, and the share dialog. Changing IdP is a config flip, not a migration.

Related features

Kubernetes NativeRuns on any Kubernetes cluster, anywhereLearn more Agent AgnosticAny model, any framework, any providerLearn more StorageS3, GCS, MinIO, or any S3-compatible storeLearn more

Ready to deploy?

Install Nightshift into your own cluster with a single Helm chart.

Star on GitHub Get in touch