• Single cluster
    • Multicluster  ENTERPRISE
    • Overview
    • Architecture
    • Relay architecture
      • About ambient mesh
      • Service mesh options
        • Overview
        • Supported Solo distributions of Istio
        • Gloo Operator
        • Helm
        • Migrate from a sidecar mesh
          • Gloo Operator
          • Helm
        • Flat networking (advanced)
      • Add VMs to the mesh
    • Enroll apps
      • Overview
      • Ingress
      • East-west and waypoints
        • Standard egress setup
        • Advanced mTLS egress  ENTERPRISE
    • Resiliency
      • Overview
      • Secure workload identites with SPIRE  ENTERPRISE
      • Overview
      • Layer 7 observability for ztunnels  ENTERPRISE
      • Gloo Operator
      • Helm
      • Service mesh options
        • Overview
        • Supported Solo distributions of Istio
        • Gloo Operator
        • Migrate to the Gloo Operator
        • Helm
        • EKS add-on
        • AKS extension
          • Gloo Operator
          • Helm
        • Flat networking (advanced)
    • Enroll apps
      • Overview
      • Ingress
      • Egress
    • Resiliency
    • Security
    • Observability
      • Gloo Operator
      • Helm
      • Istio lifecycle manager (deprecated)
        • Install the meshctl CLI
        • Licensing
        • System requirements
        • Installation options
      • Single cluster management
      • Multicluster management
      • Install in air-gapped environments
    • Explore the UI
    • Review insights
      • About the telemetry pipeline
      • Collect compute instance metadata
      • Collect Istio access logs
      • Collect Istio request traces with Jaeger
      • Enable logging
        • Overview
        • Run sample PromQL queries
        • Metrics
        • Alerts
        • Customization options
        • Forward metrics to Datadog
        • Forward metrics to OpenShift
      • Best practices for production
          • Setup options
          • Certificate rotation overview
          • Insecure setup
            • Self-signed server certificate
            • BYO server certificate
            • Self-signed server certificate with managed client certificates
            • BYO server certificate with managed client certificate
              • OpenSSL
              • AWS
              • Vault
          • Istio CA overview
          • Bring your own Istio CAs with AWS
      • FIPS images
        • Overview
          • Overview
          • External auth with Google
          • External auth with Dex
          • External auth with Okta
          • OIDC settings in Helm
          • RBAC for resources in the UI
        • Configure the UI for HTTPS
        • Connect the Gloo UI to OpenShift Prometheus
        • About Redis
        • Built-in Redis
        • Local Redis
        • External Redis
      • Control user access to your resources
    • Upgrade
    • Uninstall
      • Solo Enterprise for Istio versions
      • Open Source attribution
      • Feature gates
      • Release notes
      • Gloo Operator changelog
          • 1.28.3-patch0
          • 1.28.3
          • 1.28.2
          • 1.28.1-patch0
          • 1.28.1
          • 1.28.0-patch0
          • 1.28.0
          • 1.27.5-patch0
          • 1.27.5
          • 1.27.4
          • 1.27.3-patch0
          • 1.27.3
          • 1.27.2
          • 1.27.1-patch1
          • 1.27.1-patch0
          • 1.27.1
          • 1.27.0-patch0
          • 1.27.0
          • 1.26.8-patch0
          • 1.26.8
          • 1.26.7
          • 1.26.6
          • 1.26.5
          • 1.26.4
          • 1.26.3-patch1
          • 1.26.2-patch0
          • 1.26.3
          • 1.26.2
          • 1.26.1-patch0
          • 1.26.1
          • 1.26.0
          • 1.25.5-patch3
          • 1.25.5-patch2
          • 1.25.5-patch1
          • 1.25.5-patch0
          • 1.25.5
          • 1.25.4
          • 1.25.3
          • 1.25.2-patch0
          • 1.25.2
          • 1.25.1
          • 1.25.0
          • 1.24.6-patch3
          • 1.24.6-patch1
          • 1.24.6-patch1
          • 1.24.6-patch0
          • 1.24.6
          • 1.24.5
          • 1.24.4
          • 1.24.3
          • 1.24.2
          • 1.24.1
          • 1.24.1-patch1
          • 1.24.0
          • 1.23.6-patch3
          • 1.23.6-patch2
          • 1.23.6-patch1
          • 1.23.6-patch0
          • 1.23.6
          • 1.23.5
          • 1.23.4
          • 1.23.3
          • 1.23.2-patch1
          • 1.23.2
          • 1.23.1
          • 1.23.0-patch1
          • 1.23.0-patch0
          • 1.23.0
          • 1.22.8-patch2
          • 1.22.8-patch1
          • 1.22.8-patch0
          • 1.22.8
          • 1.22.7
          • 1.22.6
          • 1.22.5-patch0
          • 1.22.5
          • 1.22.4
          • 1.22.3-patch1
          • 1.22.3-patch0
          • 1.22.3
          • 1.22.1
          • 1.22.0
      • Dashboard
      • GatewayLifecycleManager
      • InsightsConfig
      • IstioHelm
      • IstioLifecycleManager
      • Gloo Operator APIs
      • Helm chart overview
      • Gloo Platform
      • Gloo Platform CRDs
      • Gloo Operator
        • meshctl
        • meshctl check
        • meshctl check server
        • meshctl cluster
        • meshctl cluster deregister
        • meshctl cluster list
        • meshctl cluster register
        • meshctl dashboard
        • meshctl debug
        • meshctl debug report
        • meshctl experimental
        • meshctl experimental interop-check
        • meshctl install
        • meshctl license
        • meshctl license check
        • meshctl logs
        • meshctl proxy
        • meshctl uninstall
        • meshctl version
        • Overview
        • istioctl bootstrap
        • istioctl ecs add-service
        • istioctl multicluster check
        • istioctl multicluster expose
        • istioctl multicluster link
      • CVE lifecycle handling
      • Security and CVE scan results
    • Gloo component permissions
    • General debugging
    • Management server
    • Agent
      • Debug Istio
      • Gloo Operator and ServiceMeshController
      • Multicluster peering
      • Knative
    • UI graph
    • Observability pipeline
    • Redis
    • About Solo Support
    • Submit a request
    • Add support information
  • open_in_new Istio documentation
    • Solo Enterprise for Istio
    • main
    • 2.11 (latest)
    • 2.10
    • 2.9
    • 2.8
    • Gloo Mesh (Gloo Platform APIs)
    • 2.11
    • 2.10
    • 2.9
    • 2.8
    • GitHub
    • Twitter / X
  • to navigate
  • to select
  • to close
    • Home
    • Management plane
    • Advanced settings
    • Gloo UI
    • Set up external auth
    On this page

    You are viewing the documentation for Solo Enterprise for Istio, formerly known as Gloo Mesh (OSS APIs).

    Set up external auth

    Set up authentication and authorization (AuthN/AuthZ) for the Gloo UI by using OpenID Connect (OIDC) and Kubernetes role-based access control (RBAC).

    article

    Overview

    Set up authentication and authorization (AuthN/AuthZ) for the Gloo UI by using OpenID Connect (OIDC) …

    article

    External auth with Google

    Use a Google account to log in to the Gloo UI.

    article

    External auth with Dex

    Use Dex as an OIDC provider for both authentication and authorization to the Gloo UI.

    article

    External auth with Okta

    Set up external authentication for the Gloo UI with the Okta OIDC provider.

    article

    OIDC settings in Helm

    Configure OIDC settings for the Gloo UI in Helm so that your settings remain even after version …

    article

    RBAC for resources in the UI

    Review how Solo Enterprise for Istio uses RBAC resources to decide what resources to display in the …

    Solo.io copyright 2026