# Configure OIDC provider

This guide shows how to configure an OIDC provider (for example Keycloak).

## Step by step guide

1. Configure a new client in the OIDC provider (with client credentials)

2. Put the client secret in Vault. For example at this location: `${cluster:tenant}/${cluster:name}/oidc/<name_of_the_provider>/clientSecret`

3. Configure this component like the following example:

``````parameters:
openshift4_authentication:
identityProviders:
keycloak-auth:
name: my-keycloak
type: OpenID
clientID: ${cluster:name} clientSecret: name: company-keycloak (1) claims: preferredUsername: - preferred_username name: - name email: - email secrets: company-keycloak: (1) clientSecret: '?{vaultkv:${cluster:tenant}/\${cluster:name}/oidc/keycloak-auth/clientSecret}' (2)``````
 1 The name of the secret. 2 For OpenID connect, the client secret must be stored in a key named `clientSecret` in the secret.