User Management
Mydia includes a built-in multi-user system with role-based access control.
User Roles
| Role | Permissions |
|---|---|
| Admin | Full access: media management, downloads, configuration, request approval |
| Guest | Browse library, submit requests for admin approval |
First User Setup
When you first access Mydia:
- You're guided through creating the initial admin user
- Choose to set a custom password or generate a secure random one
- After creation, you're automatically logged in
Local Authentication
By default, Mydia uses local username/password authentication.
Configuration
Creating Users
Admins can create users through the Admin UI:
- Navigate to Admin > Users
- Click Add User
- Enter username, email, and password
- Select role (admin or guest)
- Save
OIDC/SSO Authentication
Mydia supports OpenID Connect (OIDC) for single sign-on integration.
Supported Providers
- Keycloak
- Authelia
- Auth0
- Okta
- Azure AD
- Any OIDC-compliant provider
Configuration
OIDC_ENABLED=true
OIDC_DISCOVERY_DOCUMENT_URI=https://your-provider/.well-known/openid-configuration
OIDC_CLIENT_ID=mydia
OIDC_CLIENT_SECRET=your-client-secret
OIDC_REDIRECT_URI=http://localhost:4000/auth/oidc/callback
OIDC_SCOPES=openid profile email
Auto-Promotion
The first user to log in via OIDC is automatically promoted to admin role. Subsequent OIDC users are assigned guest role by default.
Provider Configuration
Mydia uses standard OAuth2 authentication with minimal provider configuration:
- Set
client_id,client_secret, andredirect_urisin your provider - No need to configure token endpoint auth methods or response modes
Request System
Guest users can request media:
- Guest searches for a movie or TV show
- Guest clicks Request on the search result
- Admin receives notification of the request
- Admin reviews and approves or denies
- If approved, media is added to library and download begins
- Guest is notified of the decision
Managing Requests
Admins can view and manage requests:
- Navigate to Admin > Requests
- View pending requests
- Approve or deny each request
- Optionally add a message
Disabling Authentication
Security Warning
Disabling authentication is not recommended for production deployments.
For local/testing environments, you can disable local auth when using OIDC:
Next Steps
- SSO/OIDC - Detailed OIDC configuration
- Environment Variables - All auth options