Service URL Settings
Pomerium's service URL settings control how the different Pomerium services communicate with each other.
The authenticate service URL setting also controls whether Pomerium will run its own authenticate service or use the Hosted Authenticate Service.
The other service URL settings are needed only for split service deployments. When running in all-in-one mode (which is the recommended mode), these settings are not needed.
Authenticate Service URL
The Authenticate Service URL setting defines the externally accessible URL where Pomerium redirects end users (clients) to authenticate against an identity provider.
If not set, Pomerium will use the Hosted Authenticate Service.
If you prefer to use your own identity provider, you'll need to set an authenticate service URL, and you will need this URL when configuring your identity provider client's OAuth callback URL.
If Pomerium is running in split-service mode, each Pomerium service requires the authenticate service URL in its configuration.
Pomerium will use the Hosted Authenticate Service by default in configurations that don't specify an authenticate service URL.
See the Self-Hosted Authenticate Service page if you prefer to use your own authenticate service.