---
title: AiPMChat Authorization Service
description: >-
  Learn about AiPMChat's support for configuring external identity verification
  services for centralized user authorization within enterprises/organizations.
  Explore supported services like Auth0, Microsoft Entra ID, Authentik, Github,
  and ZITADEL.
tags:
  - SSO Providers
  - Next Auth
  - Clerk
---

# AiPMChat Authorization

AiPMChat supports the configuration of external identity verification services for internal use within enterprises/organizations to centrally manage user authorization.

## Clerk

Clerk is a comprehensive identity verification solution that has recently gained popularity. It provides a simple yet powerful API and services to handle user authentication and session management. Clerk's design philosophy is to offer a concise and modern authentication solution that enables developers to easily integrate and use it.

AiPMChat has deeply integrated with Clerk to provide users with a more secure and convenient login and registration experience. It also relieves developers from the burden of managing authentication logic. Clerk's concise and modern design philosophy aligns perfectly with AiPMChat's goals, making user management on the entire platform more efficient and reliable.

By setting the environment variables NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY and CLERK_SECRET_KEY in AiPMChat's environment, you can enable and use Clerk.

## Next Auth

Before using NextAuth, please set the following variables in AiPMChat's environment variables:

| Environment Variable | Type | Description |
| --- | --- | --- |
| `NEXT_AUTH_SECRET` | Required | The key used to encrypt Auth.js session tokens. You can use the following command: `openssl rand -base64 32`, or visit `https://generate-secret.vercel.app/32` to generate the key. |
| `ACCESS_CODE` | Required | Add a password to access this service. You can set a sufficiently long random password to "disable" access code authorization. |
| `NEXTAUTH_URL` | Optional | This URL specifies the callback address for Auth.js when performing OAuth verification. Set this only if the default generated redirect address is incorrect. `https://example.com/api/auth` |
| `NEXT_AUTH_SSO_PROVIDERS` | Optional | This environment variable is used to enable multiple identity verification sources simultaneously, separated by commas, for example, `auth0,azure-ad,authentik`. |

Currently supported identity verification services include:

<Cards>
  <Card href={'/docs/self-hosting/advanced/sso-providers/auth0'} title={'Auth0'} />
  <Card
    href={'/docs/self-hosting/advanced/sso-providers/microsoft-entra-id'}
    title={'Microsoft Entra ID'}
  />
  <Card href={'/docs/self-hosting/advanced/sso-providers/authentik'} title={'Authentik'} />
  <Card href={'/docs/self-hosting/advanced/sso-providers/github'} title={'Github'} />
  <Card href={'/docs/self-hosting/advanced/sso-providers/zitadel'} title={'ZITADEL'} />
</Cards>
Click on the links to view the corresponding platform's configuration documentation.

## Advanced Configuration

To simultaneously enable multiple identity verification sources, please set the `NEXT_AUTH_SSO_PROVIDERS` environment variable, separating them with commas, for example, `auth0,azure-ad,authentik`.

The order corresponds to the display order of the SSO providers.

| SSO Provider       | Value       |
| ------------------ | ----------- |
| Auth0              | `auth0`     |
| Microsoft Entra ID | `azure-ad`  |
| Authentik          | `authentik` |
| Github             | `github`    |
| ZITADEL            | `zitadel`   |

## Other SSO Providers

Please refer to the [NextAuth.js](https://next-auth.js.org/providers) documentation and feel free to submit a Pull Request.