

























Self-hosting NetBird just got a lot simpler. Version 0.62 removes the requirement for an external identity provider—you can now create and manage users directly from the Dashboard. No Zitadel, no Keycloak, no Auth0 setup required.
The new quickstart script gets you up and running in about 5 minutes with a single command. It handles everything: deploys all services, sets up TLS certificates, and even walks you through reverse proxy selection if you're using Traefik, Nginx, or something else instead of the built-in Caddy.

Here's what changed:
If you're already running NetBird with Zitadel, don't worry. You can keep using it as-is, add it as an external provider alongside local users, or migrate to local users entirely. We've got you covered either way.
Getting started with self-hosted NetBird is now faster than ever. The new quickstart script handles everything automatically—from container deployment to reverse proxy configuration.

You'll need a Linux VM (1 CPU, 2GB RAM) with public access on ports 80, 443, and UDP 3478, plus a public domain name. The script requires Docker with docker-compose, jq, and curl. For detailed requirements and setup instructions, see the Quickstart Guide .
Run the installation script:
The script will:

During installation, you can choose your reverse proxy configuration:
The script generates all necessary configuration files and provides setup instructions for your chosen proxy. No manual routing configuration required. Once finished, you can manage the deployment via commands.
Setting up self-hosted NetBird has always required deploying an identity provider alongside the core services. Our quickstart script used Zitadel, which meant spinning up additional containers (Zitadel itself plus CockroachDB) and managing yet another piece of infrastructure.
For homelabs, small teams, and proof-of-concept deployments, this was overkill:
Many self-hosters just wanted to create a few local users and get their network running. They didn't need federated SSO or enterprise identity management, they needed simplicity.

Version 0.62 embeds user management directly into the NetBird Management service with the help of Dex in the backend. When you deploy NetBird, you get:
New deployments start without any users. When you first access the Dashboard, you're guided through a setup wizard:
That's it. No separate IdP console, no OAuth configuration, no client ID juggling.
The embedded IdP is enabled by default when using the quickstart script . For manual deployments or custom configurations, you can enable it in :
Once logged in, adding users is straightforward:
A secure password is generated and displayed once in a modal with a copy button. This password will only be shown once—make sure to copy it and share it securely with the user.

Users created through local authentication can be assigned roles:

Local users work great on their own, but sometimes you want SSO. Maybe you already have an instance of Pocket ID, or your company requires Microsoft Entra ID authentication. Version 0.62 supports connecting external identity providers alongside local users. Our integration now makes it easy to manage all of this directly in NetBird.
You can configure multiple OIDC-compatible identity providers simultaneously:

Users see all configured providers as login options, with local email/password authentication always available as a fallback.


That's the entire flow, no config files to edit, no service restarts required. The secret is stored securely in your NetBird installation and never exposed to the public.

When a user authenticates via an external identity provider:
Users who authenticate via an external identity provider appear in your Users list with a badge showing their identity provider (Google, Microsoft, etc.), making it easy to see which authentication method each user uses.

For IdPs that support it, NetBird can automatically sync user groups from JWT claims. When enabled, groups from your identity provider are automatically created in NetBird and assigned to users upon authentication.
To enable JWT group sync:
Once configured, groups from your IdP's JWT tokens will automatically be created in NetBird and assigned to users when they authenticate. This eliminates the need to manually manage group memberships for users authenticating via external providers.
Different identity providers may require specific configuration to pass groups in JWT claims. For detailed, provider-specific setup instructions, see the Identity Providers documentation .
Under the hood, local user management is powered by an embedded Dex server running within the Management service. Dex is a lightweight, battle-tested OIDC provider that handles:
No additional containers, no separate databases, and no external network dependencies for authentication.
Passwords are securely hashed using bcrypt before storage.
If you deployed NetBird using the previous script, you have options:
Your existing setup continues to work. No action required. The standalone IdP documentation remains available for reference.
Deploy the new version, then add your existing Zitadel instance as an external identity provider:
This gives you the simpler deployment while preserving your existing authentication.
For detailed migration steps, see our Migration Guide .
Note: We're working on an in-depth migration guide to help with switching from standalone IdPs to external providers. Contact us at support@netbird.io if you need immediate assistance.
New deployment: Use the Quickstart Guide
Existing deployment: See the Migration Guide
Add SSO providers: Check the Identity Providers documentation
Try NetBird: Get started at netbird.io/pricing
Join the community: Star us on GitHub · Follow us on X
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。