OpenID Single Sign On
Updated 4 months ago
by
Daniel Sjögren
OpenID Single Sign On provider configuration
Quinyx supports the OpenID Connect specification (Currently version 1.0)
The provider now also supports Mobile SSO login.
Prerequisites to complete a configuration:
- IDP (Identity provider) set up supporting the OpenID framework.
- Identification tokens for Quinyx to use for identification towards IDP service.
Access to the authentication settings is restricted to the Account manager role.
Basic configuration
To create a new configuration or to edit an existing one, go to Authentication settings > OpenID providers:
Click Add - to create a new configuration.
Configure the basic details for OpenID Connect
- Name: The name of the provider in Quinyx.
- Attribute name: The attribute used as username in the OpenID setup.
- Scopes: Sets of information to be made available as Claim Values from the IDP. OpenID is the minimum. Profile is common to use. To add a scope, type in the name of what you want to add in the scopes field.
- Identification type: What data type can Quinyx match with the data from the IDP.
- Use PKCE: To enhance security this feature can be used but that must be supported by the customer's IDP to work. PKCE is a concept of OAuth 2.0. Tick the "Use pkce" checkbox to activate.
- Logout URI: URI for logging out the client in Quinyx, but also in the customer's identity provider.
- Client ID: ID the customer must provide so Quinyx can identify itself towards the IDP
- Client secret: The secret should also be provided by the customer for identification purposes together with the Client ID10.
- Preset URL: Enter the base URL of the Customer's IDP and Quinyx will fetch preset information that will be populated in the Advanced preset values
- Click Continue.
- The form will be populated with the preset data from the Preset URL.
- Copy the Return URI and provide it to the Customer
If you would like to manually update anything in the Advanced section click on the padlock.
