Skip to main content
All CollectionsMFA and SSO
How to Enable The SSO feature using OpenID Connect (OIDC)
How to Enable The SSO feature using OpenID Connect (OIDC)
Updated over 3 months ago

The VaultOne platform supports integration with several identity providers through the OpenID Connect (OIDC) protocol.

In this article you will find the requirements and our recommendations for configuring this integration.

First Step:

It's recommended to utilize a JSON formatter software for better visual interpretation.

Access the "Well Known URL" of the application that will be responsible for the SSO and check the requeirements below:

1. Response types: “ID_Token” or “Code ID_Token”

2. Grant types: “Implicit”

3. Scopes: “openid”, “email” and “profile”

Screenshot 2024-01-23 at 10.32.39.png

Screenshot 2024-01-23 at 10.33.19.png

Screenshot 2024-01-23 at 10.35.03.png

Second Step:

After validating the requirements above, still in the "Well Known URL", copy and paste the "issuer" and "authorization_endpoint" URL and save it for later.

Third Step:

Perform the configuration within the identity provider.
NOTICE:
In this configuration you MUST select the options that were informed in the requirements above.

While configuring, the identity provider may ask for the Redirect URL and VaultOne Login URL, in both cases you must place the whole Login URL, like in the example: https://demo.vault.one/account/login

After the configuration the application will generate a Client ID, this will later be used in the VaultOne platform.

Fourth Step:

Access your VaultOne, go to "Administration" -> "Settings" -> "Identity Providers", enable the option "OpenID Connect Information" then fill the necessary information.

- Client ID is the information generated after configuring the identity provider in the Third Step.

- Issuer is the information you saved in the Second Step.

- Authorization endpoint is the information you saved in the Second Step.

After filling the information, click "Save all" in the top-right corner of the screen.

Done, you can now use OpenID Connect SSO within VaultOne.

Tip:

If you are experiencing issues, in some cases, you might need to redo certain configurations. On the website below you can verify if the application is sending all the necessary data to VaultOne during the login.

  1. Fill in the "Authorize URI" with the "Issuer" and keep the "Redirect URI" as it is.

  2. Enter the "Client ID" generated by the application.

  3. In addition to "OpenID", include "Email" and "Profile" in the Scope.

  4. Keep the "State" and "Nonce" information unchanged.

  5. In "Response Types", check the option "ID_token".

  6. Click on "Send Request". Now, you can verify whether all information is being sent correctly or if the token is being sent with insufficient information, for example.

If you have any questions about this, just send us an email at [email protected]!

Did this answer your question?