-
Notifications
You must be signed in to change notification settings - Fork 0
Configuration Fields
Kolin edited this page Jun 13, 2026
·
2 revisions
Complete reference for all configuration fields for both OIDC and SAML providers.
| Field | Type | Default | Description |
|---|---|---|---|
enabled |
bool | false |
Activates the provider. |
enableAuthorization |
bool | false |
Plugin manages Jellyfin permissions on every login. |
enableAllFolders |
bool | false |
Grants access to all libraries. |
enabledFolders |
string[] | [] |
Library IDs to grant access to when enableAllFolders is false. |
adminRoles |
string[] | [] |
Roles that grant Jellyfin admin privileges. |
preserveAdminPermissions |
bool | false |
When true, SSO can grant admin privileges but will not revoke admin from existing admins if an admin role is missing. |
roles |
string[] | [] |
Required roles to allow login. Empty = allow all. |
enableFolderRoles |
bool | false |
Enables role-to-folder mapping. |
folderRoleMapping |
FolderRoleMap[] | [] |
List of role → folder mappings. |
enableLiveTvRoles |
bool | false |
Enables Live TV RBAC. |
enableLiveTv |
bool | false |
Live TV viewing access by default. |
enableLiveTvManagement |
bool | false |
Live TV management access by default. |
liveTvRoles |
string[] | [] |
Roles granting Live TV viewing. |
liveTvManagementRoles |
string[] | [] |
Roles granting Live TV management. |
defaultProvider |
string | "" |
Auth provider assigned to new users. |
schemeOverride |
string | "" |
Overrides the URL scheme for redirect URI (e.g., "https"). |
portOverride |
int? | null |
Overrides the port for redirect URI. |
canonicalLinks |
Dictionary | {} |
Maps provider identifiers to Jellyfin user GUIDs. |
| Field | Type | Default | Description |
|---|---|---|---|
oidEndpoint |
string | "" |
Base URL of the identity provider. |
oidClientId |
string | "" |
OAuth2 Client ID. |
oidSecret |
string | "" |
OAuth2 Client Secret. |
roleClaim |
string | "" |
Dot-separated path to the roles array in the token. |
oidScopes |
string[] | [] |
Additional OAuth2 scopes to request. |
defaultUsernameClaim |
string | "preferred_username" |
Claim used as Jellyfin username. |
avatarUrlFormat |
string | "" |
Avatar URL template with @{claim} substitution. |
disableHttps |
bool | false |
Disables HTTPS requirement for discovery endpoint. |
disablePushedAuthorization |
bool | false |
Disables PAR (required for Authelia). |
doNotValidateEndpoints |
bool | false |
Skips endpoint authority validation (required for Google). |
doNotValidateIssuerName |
bool | false |
Skips issuer name validation. |
doNotLoadProfile |
bool | false |
Skips UserInfo endpoint call. |
| Field | Type | Default | Description |
|---|---|---|---|
samlEndpoint |
string | "" |
SAML metadata/binding endpoint URL. |
samlClientId |
string | "" |
SAML Entity ID / Service Provider ID. |
samlCertificate |
string | "" |
Base64-encoded X.509 signing certificate. |
{
"role": "premium-users",
"folders": ["<library-id-1>", "<library-id-2>"]
}To find library IDs, use the Jellyfin API:
GET /Library/VirtualFolders
Authorization: MediaBrowser Token="<api-key>"
Getting Started
Configuration
Providers
Reference
Development