OpenID Connect

OpenID Connect Authentication enables seamless login into several web applications and provides a standardized method for clients to authenticate users and obtain basic profile information about them. 

It's commonly used for Single Sign-On (SSO) and federated identity scenarios. 

Add OpenID Connect Authentication

To add a new OpenID Connect Configuration, perform the following steps to define the general properties:

General Properties

1. Navigate to Platform Studio > Access Control Center > Add Authentication > OpenID.
2. Select OpenID from the Authentication Types. Figure: Add OpenID Connect Configuration
3. Click Add OpenID Configuration to add a new instance for Authentication type.
   Figure: Add OpenID
   
   
4. Click Next to move to the next screen to enter the configuration details. 

   Create User

   If OpenID Connect Tab is selected, the screen appears below.
   

   Figure: OpenID Connect configuration screen
   The table shows the list of attributes for enabling the OpenID Connect Configuration.
    

   Field Description

   Field	Description
   Name	Specify a name for the OpenID configuration in the Name field.
   Logo*	You can upload the Logo for SAML configuration here. Choose the image for Logo and click the Upload.
   Login Type	Specify the type of Login. You can select Basic or Advanced from the drop-down list. Figure: Login Type
   Grant Type*	Select the Grant Type either as Authorization Code or Implicit by expanding the Grant Type drop-down list. Figure: Grant Type
   Client ID*	Specify the public identifier. This is the Application ID from the Okta portal.
   Issuer*	Type the URL of Issuer OpenID.
   Redirect URL*	Type the Redirect URL here. This is the same URL you have specified in the Redirect URL field of the Okta portal. Figure: Redirect URL
   Scope	Specify the Scope of authentication (openid profile email).
   Response Attribute*	Select Response Attribute either as Email or User Principal Name by expanding the drop-down list. Note In OpenID Connect (OIDC), the Response Attribute includes details about the authenticated user. The types of Response Attributes are: Email Address: This is a standard attribute many applications use for communication and identification. When a client application requests the user's email address, it typically includes the email scope in the authorization request. The OpenID Provider(OP) then includes the user's email address in the response, allowing the client application to access it. User Principal Name (UPN): The UPN is a user identifier associated with Microsoft Active Directory. It usually takes the form of an email-like address, such as username@domain.com. However, unlike the email address, the UPN is specific to the user's identity within the Active Directory domain.
   Two Factor Authentication	Enable the check for Two Factor Authentication.Figure: Check box If you click Two Factor Authentication, you can choose the type of Login Type from the field list. Figure: Enable Two Factor Authentication
   Create User	Enable the box to create user. Specify the Timezone from the drop-down list. Figure: Timezone Figure: Timezone list Select the Roles for the User from the drop-down list. Figure: Roles

   
   

5. Click Save to save the configuration entered in the field.
   Figure: OpenID Connect Configuration

   URL used for redirecting the User to specific page after SSO.

   Note

   • Image width should be less than 300px.
   • Image height should be less than 48px.
   • Supported Image format: .gif, .jpeg, .jpg, .png, .bmp.

   URL that identifies your OpenID Identity provider.