open-vault/website/content/docs/auth/jwt/oidc-providers/secureauth.mdx

---
layout: docs
page_title: OIDC Provider Setup - Auth Methods - SecureAuth
description: OIDC provider configuration for SecureAuth
---

## SecureAuth

The [SecureAuth](https://www.secureauth.com/) identity provider returns group membership
claims as a comma-separated list of strings (e.g. `groups: "group-1,group-2"`) instead
of a list of strings.

To properly obtain group membership when using SecureAuth as the identity provider for
Vault's OIDC Auth Method, the `secureauth` provider must be explicitly configured as
shown below.

```shell
vault write auth/oidc/config -<<"EOH"
{
   "oidc_client_id": "your_client_id",
   "oidc_client_secret": "your_client_secret",
   "default_role": "your_default_role",
   "oidc_discovery_url": "https://idp.sasp.gosecureauth.com/your_secure_auth",
   "provider_config": {
      "provider": "secureauth"
   }
}
EOH
```

This will instruct the OIDC Auth Method to parse the comma-separated groups claims string
into individual groups. Note that the role's [`groups_claim`](/vault/api-docs/auth/jwt#groups_claim)
value must be properly configured to target the groups claim for your SecureAuth identity
provider.