OpenID Connect
- Updated on 20 May 2024
OpenID Connect Authentication enables seamless login into several web applications and provides a standardized method for clients to authenticate users and obtain basic profile information about them.
It's commonly used for Single Sign-On (SSO) and federated identity scenarios.
Add OpenID Connect Authentication
To add a new OpenID Connect Configuration, perform the following steps to define the general properties:
General Properties
- Navigate to Platform Studio > Access Control Center > Add Authentication > OpenID.
- Select OpenID from the Authentication Types.
Figure: Add OpenID Connect Configuration
- Click Add OpenID Configuration to add a new instance for Authentication type.
Figure: Add OpenID
- Click Next to move to the next screen to enter the configuration details.
Create User
If the OpenID Connect tab is selected, the screen below appears.
Figure: OpenID Connect configuration screen
The table shows the list of attributes for enabling the OpenID Connect Configuration.
| Field | Description |
|---|---|
| Name | Specify a name for the OpenID configuration in the Name field. |
| Logo* | You can upload the Logo for SAML configuration here. Choose the image for Logo and click Upload. |
| Login Type | Specify the type of Login. You can select Basic or Advanced from the drop-down list. (Figure: Login Type) |
| Grant Type* | Select the Grant Type, either Authorization Code or Implicit, by expanding the Grant Type drop-down list. (Figure: Grant Type) |
| Client ID* | Specify the public identifier. This is the Application ID from the Okta portal. |
| Issuer* | Type the URL of Issuer OpenID. |
| Redirect URL* | Type the Redirect URL here. This is the same URL you have specified in the Redirect URL field of the Okta portal. (Figure: Redirect URL) |
| Scope | Specify the Scope of authentication (openid profile email). |
| Response Attribute* | Select the Response Attribute, either Email or User Principal Name, by expanding the drop-down list. See the note below the table. |
| Two Factor Authentication | Enable the check box for Two Factor Authentication. (Figure: Check box) If you click Two Factor Authentication, you can choose the Login Type from the field list. (Figure: Enable Two Factor Authentication) |
| Create User | Enable the box to create a user. Specify the Timezone from the drop-down list. (Figure: Timezone) (Figure: Timezone list) Select the Roles for the User from the drop-down list. (Figure: Roles) |

Note: In OpenID Connect (OIDC), the Response Attribute includes details about the authenticated user. The types of Response Attributes are:
- Email Address: This is a standard attribute many applications use for communication and identification. When a client application requests the user's email address, it typically includes the email scope in the authorization request. The OpenID Provider (OP) then includes the user's email address in the response, allowing the client application to access it.
- User Principal Name (UPN): The UPN is a user identifier associated with Microsoft Active Directory. It usually takes the form of an email-like address, such as username@domain.com. However, unlike the email address, the UPN is specific to the user's identity within the Active Directory domain.

- Click Save to save the configuration entered in the fields.
Figure: OpenID Connect Configuration
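
The fields above correspond to the parameters of a standard OIDC authorization request. The following is an added example, not code from the product or its documentation: it checks a set of constructed form values for common misconfigurations and builds the request. The dictionary keys, sample URLs, the `authorization_endpoint` argument and the mapping of the Implicit grant type to `response_type=id_token` are assumptions.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample values mirroring the form fields; not a real tenant.
SAMPLE = {
    "grant_type": "Authorization Code",
    "client_id": "0oaEXAMPLEclientid",
    "issuer": "https://idp.example.com/oauth2/default",
    "redirect_url": "https://app.example.com/oidc/callback",
    "scope": "openid profile",
    "response_attribute": "Email",
}

def lint_config(cfg):
    """Return a list of problems found in the form values (empty if none)."""
    problems = []
    scopes = cfg["scope"].split()
    if "openid" not in scopes:
        problems.append("scope must contain 'openid' for an OIDC request")
    if cfg["response_attribute"] == "Email" and "email" not in scopes:
        problems.append("Response Attribute is Email but scope lacks 'email'")
    issuer = urlsplit(cfg["issuer"])
    if issuer.scheme != "https" or issuer.query or issuer.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    if urlsplit(cfg["redirect_url"]).scheme != "https":
        problems.append("redirect URL should use https")
    if cfg["grant_type"] == "Implicit":
        problems.append("Implicit returns tokens in the browser URL; prefer Authorization Code")
    return problems

def authorization_request(cfg, authorization_endpoint):
    """Build the authorization request URL with a fresh state and nonce."""
    # Assumption: Implicit maps to response_type=id_token (no access token requested).
    response_type = "code" if cfg["grant_type"] == "Authorization Code" else "id_token"
    params = {
        "response_type": response_type,
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_url"],  # must match the value registered at the provider
        "scope": cfg["scope"],
        "state": secrets.token_urlsafe(16),   # binds the callback to this browser session
        "nonce": secrets.token_urlsafe(16),   # must come back unchanged in the ID token
    }
    return authorization_endpoint + "?" + urlencode(params), params

if __name__ == "__main__":
    print(lint_config(SAMPLE))
```

The client must compare the `state` returned on the callback and the `nonce` inside the ID token against the values it generated before accepting the login.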