---
layout: docs
page_title: 'Commands: acl auth-method create'
description: The auth-method create command is used to create new ACL Auth Methods.
---

# Command: acl auth-method create

The `acl auth-method create` command is used to create new ACL Auth Methods.

## Usage

```plaintext
nomad acl auth-method create [options]
```

The `acl auth-method create` command requires the correct setting of the create options
via flags detailed below.

## General Options

@include 'general_options_no_namespace.mdx'

## Create Options

- `-name`: Sets the human readable name for the ACL auth method. The name must
  be between 1-128 characters and is a required parameter.

- `-description`: A free form text description of the auth-method that must not exceed
  256 characters.

- `-type`: Sets the type of the auth method. Currently the only supported type
  is `OIDC`.

- `-max-token-ttl`: Sets the duration of time all tokens created by this auth
  method should be valid for.

- `-token-locality`: Defines the kind of token that this auth method should
  produce. This can be either `local` or `global`.

- `-default`: Specifies whether this auth method should be treated as a default
  one in case no auth method is explicitly specified for a login command.

- `-config`: Auth method [configuration] in JSON format. May be prefixed with '@'
  to indicate that the value is a file path to load the config from. '-' may also
  be given to indicate that the config is available on stdin.

- `-json`: Output the ACL auth-method in a JSON format.

- `-t`: Format and display the ACL auth-method using a Go template.

## Examples

Create a new ACL Auth Method:

```shell-session
$ nomad acl auth-method create -name "example-acl-auth-method" -type "OIDC" -max-token-ttl "1h" -token-locality "local" -config "@config.json"
Created ACL auth method:
Name                   = example-acl-auth-method
Type                   = OIDC
Locality               = local
MaxTokenTTL            = 1h0m0s
Default                = false
OIDC Discovery URL     = https://my-corp-app-name.auth0.com/
OIDC Client ID         = V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt
OIDC Client Secret     = example-client-secret
Bound audiences        = V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt
Allowed redirects URIs = http://localhost:4646/oidc/callback
Discovery CA pem       = <none>
Signing algorithms     = <none>
Claim mappings         = {http://example.com/first_name: first_name}; {http://example.com/last_name: last_name}
List claim mappings    = {http://nomad.com/groups: groups}
Create Index           = 14
Modify Index           = 14
```

Example config file:

```json
{
  "OIDCDiscoveryURL": "https://my-corp-app-name.auth0.com/",
  "OIDCClientID": "V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt",
  "OIDCClientSecret": "example-client-secret",
  "BoundAudiences": [
    "V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt"
  ],
  "AllowedRedirectURIs": [
    "http://localhost:4646/oidc/callback"
  ],
  "ClaimMappings": {
    "http://example.com/first_name": "first_name",
    "http://example.com/last_name": "last_name"
  },
  "ListClaimMappings": {
    "http://nomad.com/groups": "groups"
  }
}
```

[configuration]: /api-docs/acl/auth-methods#config