p0 login

Overview

The p0 login command bootstraps your local CLI with the credentials and configuration for your P0 organization. Once you’ve logged in, the CLI can:

  • Save your org’s configuration locally (endpoints, OAuth client IDs, etc.)

  • Launch a browser SSO flow for your org’s identity provider (Google, Okta, Ping, Microsoft OIDC, etc.)

  • Let you start running p0 request, p0 aws, p0 ssh, and other commands without re-authenticating on each call

  • If your saved token expires, the CLI will automatically re-launch the login flow and update the identity file before retrying any command.


Basic Login

1. Run the login command

p0 login <ORG_ID>

Replace <ORG_ID> with your P0 organization’s ID. This will:

  1. Fetch your org’s information (to get OAuth client IDs & tenant ID).

  2. Save that org’s config to ~/.p0/config.json (or, if you’ve set P0_ORG, to a temp-directory config).

  3. Launch your browser to authenticate via your org’s SSO provider.

  4. Persist the resulting ID/token bundle to an identity file.

  5. Print “You are now logged in, and can use the p0 CLI.”

2. (Optional) Use P0_ORG env var

If you’d rather not type your org ID each time, export it once:

This environmental variable enables logging in multiple orgs across terminal windows.

export P0_ORG=acme-corp
p0 login          # “org” is picked up from the env var

What Files Are Created

File

Purpose

(or $TMP/p0/config.json-<ORG_ID>)

When P0_ORG is set, alternate location

~/.p0/identity.json

Your saved token + org slug + expiry time

(or $TMP/p0/identity.json)

When P0_ORG is set

Files are stored with restrictive permissions (600) so only you can read them.


Supported SSO Providers

P0 CLI will detect your org’s SSO Provider and we will pick the right flow.

  • Google / Google-OIDC

  • Okta

  • Ping

  • Microsoft / Azure-OIDC

If your org uses a custom or unsupported provider, you’ll see an “Unsupported login for your organization” error.


Troubleshooting

  • “Could not find organization”

    • Verify your org ID is correct and spelled exactly as given.

  • Browser didn’t open / SSO popup blocked

    • Be sure your $BROWSER env var is set or you have a default browser configured.

    • Check your popup-blocker settings.

  • “Please run p0 login <organization> to use the P0 CLI.”

    Indicates no identity file was found. Simply re-run the login command.

Last updated