To connect your SSO to our authentication system, we support the OpenID Connect protocol.

We require the following information :

• Authorization URL
  • Endpoint defined in the OpenID Connect protocol
  • ex : https://auth.example.com/aaaa/oauth2/v2.0/authorize
• Token URL
  • Endpoint defined in the OpenID Connect protocol
  • ex : https://auth.example.com/aaaa/oauth2/v2.0/token
• Logout URL
  • Endpoint used to logout a user from the platform
  • ex : https://auth.example.com/aaaa/oauth2/v2.0/logout
• User Info URL
  • Endpoint defined in the OpenID Connect protocol, returns user profile info
  • ex : https://auth.example.com/oidc/userinfo
• Issuer
  • Token issuer, used to validate the token origin
  • ex : https://auth.example.com/aaaa/v2.0
• JWKS URL
  • URL where identity provider keys in JWK format are stored.
  • ex : https://auth.example.com/aaaa/discovery/v2.0/keys
• Client ID
  • ID of the application created in your SSO
• Client Secret
  • Secret of the application created in your SSO
• Email domains
  • List of all domains on which your SSO has addresses
  • ex : aaaa.com, aaaa.fr, aaaa-it.com
  • It is also possible to authorize all the sub-domains of a domain on demand; by default, this behavior is disabled.
• PKCE
  • Some SSO require PKCE (Proof of Key-Code Exchange). In that case, we need the PKCE method.
  • Available methods : none, plain, S256