Configure Auth

Setting up authentication for your Prividium chain.

Authentication controls how users and administrators log in to Prividium and access the permissioned network. Prividium supports two authentication methods:

  • Okta (OIDC) for enterprise single sign-on
  • Crypto-native Sign-in With Ethereum (SIWE) for wallet-based access

You can enable either method or both at the same time.

1. Configure Okta Authentication

Use Okta if your organization manages users through an identity provider.

Step 1: Create an application in Okta

  1. Sign in to your Okta Admin Console.
  2. Go to Applications → Create App Integration.
  3. Choose OIDC – OpenID Connect and Single-Page Application (SPA).
  4. Set the following:
    • Sign-in redirect URIhttp://localhost:3001/callback (or your production URL)
    • Sign-out redirect URIhttp://localhost:3001
    • Allowed grant types → Authorization Code
  5. After creation, note:
    • Client ID
    • Okta domain (for example, https://yourokta.okta.com)

Step 2: Update your environment variables

Edit your .env file or Docker Compose configuration for the User Dashboard:

VITE_OKTA_ISSUER=https://yourokta.okta.com/oauth2/default
VITE_OKTA_CLIENT_ID=<your_client_id>
VITE_OKTA_REDIRECT_URI=http://localhost:3001/callback
VITE_AUTH_METHODS=okta

Restart the User Dashboard container to apply changes.

Step 3: Test the login

  1. Open http://localhost:3001.
  2. Click Sign in with Okta.
  3. Complete the Okta login flow.

After login, the user token is validated by the Permissions API, which determines the user's roles and access rights.

2. Configure Crypto-Native (SIWE) Authentication

SIWE allows users to authenticate using their Ethereum wallet without a third-party identity provider.

Step 1: Enable SIWE in configuration

In your .env file for the User Dashboard, set:

VITE_AUTH_METHODS=crypto_native
VITE_PROXY_URL=http://localhost:8001

To enable both Okta and SIWE together, use:

VITE_AUTH_METHODS=okta,crypto_native

Step 2: Test wallet login

  1. Open http://localhost:3001.
  2. Select Sign in with Ethereum.
  3. Approve the signature request in your wallet.

The dashboard issues a signed JWT token that grants access through the Proxy. The wallet address is recorded in the Permissions API and can later be linked to specific roles in the Admin Dashboard.

3. Mixed Mode (Okta and SIWE)

You can enable both Okta and wallet login on the same User Dashboard. Each user can have:

  • An Okta identity, used for organizational authentication
  • One or more wallet addresses, used for on-chain interactions

Admins can manage both under Users → Edit → Roles in the Admin Dashboard.

4. Initial admin user

The first admin is created during setup through environment variables or the admin-create script. After you sign in as the initial admin, you can:

  • Add more admin users
  • Assign the Admin role to existing users
  • Limit sensitive actions to administrators only

5. Common Issues

SymptomLikely CauseResolution
401 Unauthorized after loginMissing or incorrect Okta or SIWE configurationVerify environment variables and redirect URIs
User can log in but cannot access contractsThe user has no assigned roleAdd a role under Users → Edit → Roles
Wallet signature rejectedExpired SIWE nonce or clock driftRefresh the page and retry signing

Next Step

Once authentication is configured and users can log in, proceed to Manage Roles create initial roles.

Permissions Overview

Learn about the Prividium Permissioning API and Selective Disclosure.

Manage Roles

Create and manage roles on your Prividium chain.

Made with ❤️ by the ZKsync Community