In addition to basic environment variables, you can use environment variables to configure advanced IAM options for your Dedicated Cloud or Self-Managed instance. Use these variables to customize SSO behavior, session expiration, OIDC and LDAP integration, and other identity-related settings to match your organization’s security and access requirements. Choose any of the following environment variables for your instance depending on your IAM needs.

| Environment variable | Description |
|---|---|
| `DISABLE_SSO_PROVISIONING` | Set this to `true` to turn off user auto-provisioning in your W&B instance. |
| `SESSION_LENGTH` | To change the default user session expiry time, set this variable to the desired number of hours. For example, set `SESSION_LENGTH` to `24` to configure session expiry time to 24 hours. The default value is 720 hours. |
| `GORILLA_ENABLE_SSO_GROUPS_CLAIMS` | When you use OIDC-based SSO, set this variable to `true` to automate W&B team membership in your instance based on your OIDC groups. You must also add a `groups` claim to the user OIDC token, formatted as a string array of all team names the user is part of. |
| `GORILLA_LDAP_GROUP_SYNC` | If you use LDAP-based SSO, set this variable to `true` to automate W&B team membership in your instance based on your LDAP groups. |
| `GORILLA_OIDC_CUSTOM_SCOPES` | If you use OIDC-based SSO, you can specify additional scopes that the W&B instance requests from your identity provider. These custom scopes don’t change the SSO functionality. |
| `GORILLA_OIDC_SECRET` | If you use OIDC-based SSO and your IdP requires an OIDC Client Secret, set this variable to the secret. |
| `GORILLA_USE_IDENTIFIER_CLAIMS` | If you use OIDC-based SSO, set this variable to `true` to enforce the username and full name of your users using specific OIDC claims from your identity provider. If set, ensure that you configure the enforced username and full name in the `preferred_username` and `name` OIDC claims respectively. Usernames can only contain alphanumeric characters along with underscores and hyphens as special characters. |
| `GORILLA_DISABLE_PERSONAL_ENTITY` | When set to `true`, turns off personal entities. Prevents users from creating new personal projects in their personal entities and from writing to existing personal projects. |
| `GORILLA_DISABLE_ADMIN_TEAM_ACCESS` | Set this to `true` to restrict Organization or Instance Admins from self-joining or adding themselves to a W&B team, ensuring that only Data and AI personas have access to the projects within the teams. |
| `WANDB_IDENTITY_TOKEN_FILE` | For identity federation, the absolute path to the local directory where JSON Web Tokens (JWTs) are stored. |
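
Before enabling `GORILLA_ENABLE_SSO_GROUPS_CLAIMS` or `GORILLA_USE_IDENTIFIER_CLAIMS`, it helps to confirm that the ID tokens your identity provider issues meet the claim requirements in the table. The following pre-flight check is an added example, not W&B code. The function names and sample tokens are hypothetical, and it assumes "alphanumeric" means ASCII letters and digits and that the options are set to the literal string `true`.

```python
import base64
import json
import re

# Assumption: "alphanumeric" is read as ASCII letters and digits.
# Underscores and hyphens are the only special characters the page allows.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]+")

def decode_claims(id_token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims: dict, env: dict) -> list:
    """Return the claim problems relevant to the options enabled in env."""
    problems = []
    if env.get("GORILLA_ENABLE_SSO_GROUPS_CLAIMS") == "true":
        groups = claims.get("groups")
        if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
            problems.append("groups claim must be a string array of team names")
    if env.get("GORILLA_USE_IDENTIFIER_CLAIMS") == "true":
        username = claims.get("preferred_username")
        if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
            problems.append("preferred_username must use only alphanumerics, '_' and '-'")
        name = claims.get("name")
        if not isinstance(name, str) or not name.strip():
            problems.append("name claim is missing or empty")
    return problems

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample data: not real tokens, users or teams.
ENV = {"GORILLA_ENABLE_SSO_GROUPS_CLAIMS": "true", "GORILLA_USE_IDENTIFIER_CLAIMS": "true"}
GOOD = make_sample_token({"preferred_username": "ada_l-01", "name": "Ada L", "groups": ["ml-team"]})
BAD = make_sample_token({"preferred_username": "ada@example.com", "name": "", "groups": "ml-team"})

if __name__ == "__main__":
    for label, token in (("good", GOOD), ("bad", BAD)):
        print(label, check_claims(decode_claims(token), ENV))
```

The `BAD` token shows two common IdP defaults that break these options: an email address in `preferred_username` and a `groups` claim emitted as a single string instead of an array.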