
Settings - OpenID Connect

In this configuration section, you can set up integration with a remote user source that supports the OpenID Connect standard. Unlike Active Directory (AD) or ADFS integration, where only one remote user source can be used, OpenID Connect allows you to configure and use multiple sources simultaneously.

The settings section contains a table (list) of existing configured integrations. If none are configured yet, the table will be empty. You can edit or delete existing integrations using the corresponding icons on the right side. Additionally, you can temporarily deactivate or reactivate any integration using the "Active" toggle switch.

You can add a new OIDC integration by clicking the "+ ADD" button above the list. A form will appear with the following fields to be completed:

Title

A label for the integration, intended for the administrator's reference and overview.

Issuer

The URL of the identity provider where clients will be redirected for login. For example:

  • For Google: https://accounts.google.com

  • For Microsoft: https://login.microsoftonline.com/<unique id>/v2.0

(The URL may change, so it is necessary to always verify the current URL with the OIDC provider.)
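One way to verify an Issuer value before saving it, shown as an added example that is not part of SOFiE or its documentation: OpenID Connect Discovery publishes the provider's metadata under `/.well-known/openid-configuration`, and the `issuer` field there must match the configured value exactly. The function names and the `idp.example.com` sample document are assumptions constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

def discovery_url(issuer: str) -> str:
    """Discovery document location: strip a trailing '/', append the well-known path."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_issuer(configured: str, metadata: dict) -> list:
    """Return a list of problems; an empty list means the value is consistent."""
    problems = []
    parts = urlsplit(configured)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer must be an https URL with a host")
    if parts.query or parts.fragment:
        problems.append("issuer must not contain a query or fragment")
    if "<" in configured or ">" in configured:
        problems.append("issuer still contains a <placeholder>")
    # The provider's own 'issuer' value must match character for character.
    advertised = metadata.get("issuer")
    if advertised != configured:
        problems.append(f"provider advertises {advertised!r}, not {configured!r}")
    for key in ("authorization_endpoint", "jwks_uri"):
        if urlsplit(str(metadata.get(key) or "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    return problems

def fetch_metadata(issuer: str, timeout: float = 10.0) -> dict:
    """Download the discovery document (needs network access; https only)."""
    if urlsplit(issuer).scheme != "https":
        raise ValueError("refusing to fetch metadata over a non-https URL")
    with urllib.request.urlopen(discovery_url(issuer), timeout=timeout) as resp:
        return json.load(resp)

# Constructed sample discovery document for a hypothetical provider.
SAMPLE_METADATA = {
    "issuer": "https://idp.example.com/tenant-a",
    "authorization_endpoint": "https://idp.example.com/tenant-a/authorize",
    "token_endpoint": "https://idp.example.com/tenant-a/token",
    "jwks_uri": "https://idp.example.com/tenant-a/keys",
}

if __name__ == "__main__":
    for candidate in ("https://idp.example.com/tenant-a",
                      "https://idp.example.com/tenant-a/",
                      "http://idp.example.com/tenant-a"):
        print(candidate, "->", check_issuer(candidate, SAMPLE_METADATA) or "OK")
```

With network access, `check_issuer(url, fetch_metadata(url))` runs the same comparison against the live provider.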

Application ID (client)

A unique identifier for the OIDC client, i.e., the specific instance of the SOFiE application. A new unique ID is usually generated by the OIDC provider and entered here in the SOFiE configuration.

Client secret

The client secret is usually generated by the OIDC provider and entered here in the SOFiE configuration.

Type

Select one of the supported types of OIDC providers:

  • MS - Unified online login for Microsoft (Azure, 365, Entra).

  • GOOGLE - Unified online login for Google.

  • GENERIC - Another general OpenID Connect provider.

Since Microsoft and Google services require specific adjustments beyond general OpenID Connect, each has its own integration type. Other services should work under the generic type.

Active

Specifies whether this integration is active and therefore available for users to log in.

Redirect URI

A read-only preview of the URL that should be supplied to the OIDC provider so that it can redirect authenticated clients back to the SOFiE application. This will be displayed only after the initial save of the settings. To obtain this URI when creating a new integration, you need to first save the form and then reopen the new entry from the list.