OpenID Connect
  • 20 May 2024

OpenID Connect Authentication enables seamless login into several web applications and provides a standardized method for clients to authenticate users and obtain basic profile information about them. 

It's commonly used for Single Sign-On (SSO) and federated identity scenarios. 

Add OpenID Connect Authentication

To add a new OpenID Connect Configuration, perform the following steps to define the general properties:

General Properties

  1. Navigate to Platform Studio > Access Control Center > Add Authentication > OpenID.
  2. Select OpenID from the Authentication Types.
    Figure: Add OpenID Connect Configuration
  3. Click Add OpenID Configuration to add a new instance for the Authentication type.
    Figure: Add OpenID

  4. Click Next to move to the next screen to enter the configuration details. 

    Create User

    If the OpenID Connect tab is selected, the screen below appears.

    Figure: OpenID Connect configuration screen
    The following table lists the attributes for enabling the OpenID Connect Configuration.
     

    Field | Description
    Name | Specify a name for the OpenID configuration in the Name field.
    Logo* | You can upload the Logo for SAML configuration here. Choose the image for the Logo and click Upload.
    Login Type | Specify the type of login. You can select Basic or Advanced from the drop-down list.
    Figure: Login Type
    Grant Type* | Select the Grant Type, either Authorization Code or Implicit, from the Grant Type drop-down list.
    Figure: Grant Type
    Client ID* | Specify the public identifier. This is the Application ID from the Okta portal.
    Issuer* | Type the URL of the OpenID Issuer.
    Redirect URL* | Type the Redirect URL here. This is the same URL you have specified in the Redirect URL field of the Okta portal.
    Figure: Redirect URL
    Scope | Specify the Scope of authentication (openid profile email).
    Response Attribute* | Select the Response Attribute, either Email or User Principal Name, from the drop-down list.
    Note

    In OpenID Connect (OIDC), the Response Attribute includes details about the authenticated user. The types of Response Attributes are:

    • Email Address: This is a standard attribute many applications use for communication and identification. When a client application requests the user's email address, it typically includes the email scope in the authorization request. The OpenID Provider (OP) then includes the user's email address in the response, allowing the client application to access it.
    • User Principal Name (UPN): The UPN is a user identifier associated with Microsoft Active Directory. It usually takes the form of an email-like address, such as username@domain.com. However, unlike the email address, the UPN is specific to the user's identity within the Active Directory domain.
    Two Factor Authentication | Enable the check box for Two Factor Authentication.
    Figure: Check box
    If you click Two Factor Authentication, you can choose the Login Type from the field list.
    Figure: Enable Two Factor Authentication
    Create User | Enable the box to create a user. Specify the Timezone from the drop-down list.
    Figure: Timezone
    Figure: Timezone list
    Select the Roles for the User from the drop-down list.
    Figure: Roles


  5. Click Save to save the configuration entered in the field.
    Figure: OpenID Connect Configuration
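
How the Issuer, Client ID, Redirect URL, Scope, Grant Type and Response Attribute fields described above map onto a standard OpenID Connect exchange, shown as an added illustration that is not the product's own code. The endpoint, client ID, claim values and the `upn` claim name are constructed assumptions, and the ID token signature is assumed to have been verified already by a JOSE library.

```python
import time
from urllib.parse import urlencode

# Constructed values standing in for the form fields (not real endpoints or IDs).
CONFIG = {
    "issuer": "https://idp.example.com",
    "client_id": "example-client-id",
    "redirect_url": "https://app.example.com/oidc/callback",
    "scope": "openid profile email",
    "grant_type": "authorization_code",  # or "implicit"
    "response_attribute": "email",       # or "upn" (assumed claim name for the UPN)
}

def authorization_url(cfg, authorization_endpoint, state, nonce):
    """Build the authorization request the browser is redirected to."""
    params = {
        "response_type": "code" if cfg["grant_type"] == "authorization_code" else "id_token",
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_url"],  # must equal the URL registered at the provider
        "scope": cfg["scope"],                # the "email" scope asks the OP for the email claim
        "state": state,                       # ties the response to this browser session
        "nonce": nonce,                       # ties the ID token to this request
    }
    return authorization_endpoint + "?" + urlencode(params)

def login_identifier(cfg, claims, expected_nonce, now=None):
    """Check ID token claims (signature already verified) and return the configured attribute."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if claims.get("iss") != cfg["issuer"]:
        raise ValueError("issuer does not match the configured Issuer")
    if cfg["client_id"] not in audiences:
        raise ValueError("token was not issued for this Client ID")
    if claims.get("exp", 0) <= now:
        raise ValueError("token has expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    value = claims.get(cfg["response_attribute"])
    if not value:
        raise ValueError("claim %r missing; check the requested Scope" % cfg["response_attribute"])
    return value

# Constructed ID token payload, as a provider might return it.
SAMPLE_CLAIMS = {"iss": "https://idp.example.com", "aud": "example-client-id",
                 "exp": 2000000000, "nonce": "n-123", "email": "user@example.com",
                 "upn": "user@corp.example.com"}
```

If the Scope field omits `email` while Response Attribute is set to Email, the claim lookup fails and the login is rejected instead of falling back to another identifier.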
