A Concourse server can authenticate against any valid OAuth auth provider, though it's a bit "closer to the metal" as you'll need to explicitly configure the auth, token, and user-info URLs. You may want to see if you can use Generic OIDC auth if your auth provider is compatible with OIDC.
First you'll need to create a client with your oAuth provider.
The callback URL must be the URL of your Concourse server with
/sky/issuer/callback appended. This address must be reachable by your oAuth provider - it can't be
For example, Concourse's own CI server's callback URL would be:
The Generic oAuth provider has many values to set - for a full list consult
concourse web --help.
web node env config may look something like this:
CONCOURSE_OAUTH_DISPLAY_NAME=Acme CONCOURSE_OAUTH_CLIENT_ID=myclientid CONCOURSE_OAUTH_CLIENT_SECRET=myclientsecret CONCOURSE_OAUTH_AUTH_URL=https://oauth.example.com/oauth2/auth CONCOURSE_OAUTH_TOKEN_URL=https://oauth.example.com/oauth2/token CONCOURSE_OAUTH_USERINFO_URL=https://oauth.example.com/oauth2/userinfo
concourse web --help for a full list of flags with descriptions.