

Support level: Community

What is pgAdmin



pgAdmin is a management tool for PostgreSQL and derivative relational databases such as EnterpriseDB's EDB Advanced Server. It may be run either as a web or desktop application.


This is based on authentik 2022.3.3 and pgAdmin4 6.19.


The following placeholders will be used:

  • is the FQDN of pgAdmin.
  • is the FQDN of authentik.

Step 1: Create authentik Provider

In authentik, under Providers, create an OAuth2/OpenID Provider with these settings:

Provider Settings

  • Name: pgAdmin
  • Client ID: Copy and save this for later
  • Client Secret: Copy and save this for later
  • Redirect URIs/Origins:
  • Signing Key: Select any available key

Step 2: Create authentik Application

In authentik, create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings.

Step 3: Configure pgAdmin

All settings for OAuth in pgAdmin are configured in the file. This file can usually be found in the path /pgadmin4/


More information on that file can be found in the official pgAdmin documentation

Copy the following code into the file and replace all placeholders and FQDN placeholders


If the file does not exist, it needs to be created in the /pgadmin4/ directory.

# Login methods offered, in order; 'internal' keeps pgAdmin's own accounts usable
AUTHENTICATION_SOURCES = ['oauth2', 'internal']
# OAUTH2_CONFIG is a list holding one dictionary of settings per OAuth2 provider
OAUTH2_CONFIG = [{
    'OAUTH2_NAME' : 'authentik',
    'OAUTH2_DISPLAY_NAME' : '<display-name>',
    'OAUTH2_CLIENT_ID' : '<client-id>',
    'OAUTH2_CLIENT_SECRET' : '<client-secret>',
    'OAUTH2_SERVER_METADATA_URL' : '<app-slug>/.well-known/openid-configuration',
    'OAUTH2_SCOPE' : 'openid email profile',
    'OAUTH2_ICON' : '<fontawesome-icon>',
    'OAUTH2_BUTTON_COLOR' : '<button-color>'
}]

In the code above the following placeholders have been used:

  • <display-name>: The name that is displayed on the Login Button
  • <client-id>: The Client ID from step 1
  • <client-secret>: The Client Secret from step 1
  • <app-slug>: The App Slug from step 2. It should be pgadmin if you did not change it.
  • <fontawesome-icon>: An icon name from fontawesome. Only brand icons seem to be supported. This icon is displayed in front of the <display-name>. E.g.: fa-github.
  • <button-color>: Sets the color of the Login Button. Should be in Hex format, E.g.: #fd4b2d

To only allow authentication via authentik, set AUTHENTICATION_SOURCES to ['oauth2']. Do this only after at least one user registered via authentik has been made an admin in pgAdmin; otherwise nobody with admin rights will be able to log in.


To disable user creation on pgAdmin, set OAUTH2_AUTO_CREATE_USER to False.

Finally, restart pgAdmin to apply the changes.


pgAdmin needs to be restarted every time changes to are made
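
A pre-restart check for the settings from step 3, as an added example (not part of the original guide, pgAdmin or authentik): it reads the settings without executing them and flags placeholders that were never replaced, a metadata URL not served over HTTPS, a missing openid scope, a button color that is not hex, and the removal of internal from AUTHENTICATION_SOURCES. The function names, the authentik.example host and all sample values are constructed for illustration.

```python
import ast
import re

# Constructed sample input: the settings from this page, partly filled in.
SAMPLE = """
AUTHENTICATION_SOURCES = ['oauth2']
OAUTH2_CONFIG = [{
    'OAUTH2_NAME': 'authentik',
    'OAUTH2_DISPLAY_NAME': 'authentik',
    'OAUTH2_CLIENT_ID': 'constructed-client-id',
    'OAUTH2_CLIENT_SECRET': '<client-secret>',
    'OAUTH2_SERVER_METADATA_URL': 'http://authentik.example/pgadmin/.well-known/openid-configuration',
    'OAUTH2_SCOPE': 'openid email profile',
    'OAUTH2_ICON': 'fa-github',
    'OAUTH2_BUTTON_COLOR': 'fd4b2d',
}]
"""

def load_settings(source):
    """Read top-level NAME = <literal> assignments without executing the file."""
    settings = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except ValueError:
                pass  # value is not a plain literal; skip it
    return settings

def check_config(source):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg, findings = load_settings(source), []
    for provider in cfg.get('OAUTH2_CONFIG', []):
        for key, value in provider.items():
            if re.search(r'<[a-z-]+>', str(value)):
                findings.append(f'{key}: placeholder not replaced')
        if not provider.get('OAUTH2_SERVER_METADATA_URL', '').startswith('https://'):
            findings.append('OAUTH2_SERVER_METADATA_URL: not https')
        if 'openid' not in provider.get('OAUTH2_SCOPE', '').split():
            findings.append('OAUTH2_SCOPE: openid missing')
        color = provider.get('OAUTH2_BUTTON_COLOR')
        if color is not None and not re.fullmatch(r'#[0-9a-fA-F]{6}', color):
            findings.append('OAUTH2_BUTTON_COLOR: not #rrggbb hex')
    if 'internal' not in cfg.get('AUTHENTICATION_SOURCES', []):
        findings.append('AUTHENTICATION_SOURCES: no internal fallback; '
                        'confirm an authentik user is already a pgAdmin admin')
    return findings

if __name__ == '__main__':
    print('\n'.join(check_config(SAMPLE)))
```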