OpenID Single Sign On
Updated 2 months ago
by
Daniel Sjögren
OpenID Single Sign On provider configuration
Quinyx supports the OpenID Connect specification (Currently version 1.0)
Prerequisites to complete a configuration:
- IDP (Identity provider) set up supporting the OpenID framework.
- Identification tokens for Quinyx to use for identification towards IDP service.
Access to the authentication settings is restricted to the Account manager role.
Basic configuration
To create a new configuration or to edit an existing one, go to Authentication settings > OpenID providers:
Click Add - to create a new configuration.
Configure the basic details for OpenID Connect
- Name: The name of the provider in Quinyx.
- Attribute name: The attribute used as username in the OpenID setup.
- Scopes: Sets of information to be made available as Claim Values from the IDP. OpenID is the minimum. Profile is common to use. To add a scope, type in the name of what you want to add in the scopes field.
- Identification type: What data type can Quinyx match with the data from the IDP.
- Use PKCE: To enhance security this feature can be used but that must be supported by the customer's IDP to work. PKCE is a concept of OAuth 2.0. Tick the "Use pkce" checkbox to activate.
- Logout URI: URI for logging out the client in Quinyx, but also in the customer's identity provider.
- Client ID: ID the customer must provide so Quinyx can identify itself towards the IDP
- Client secret: The secret should also be provided by the customer for identification purposes together with the Client ID10.
- Preset URL: Enter the base URL of the Customer's IDP and Quinyx will fetch preset information that will be populated in the Advanced preset values
- Click Continue.
- The form will be populated with the preset data from the Preset URL.
- Copy the Return URI and provide it to the Customer
If you would like to manually update anything in the Advanced section klick on the padlock.
