OpenID
Note: This feature is available in Enterprise, AWS, Team editions only.
Table of contents
Overview
OpenID is an authentication protocol that allows users to authenticate by leveraging their existing identities from an OpenID provider. OpenID is designed for integration with third-party services, making all Identity Providers (IdPs) inherently built for integration with external services. While popular providers like Google can be utilized through OpenID, the protocol is particularly beneficial for custom, specific, or self-hosted identity providers.
For more comprehensive details on this authentication method, you can refer to the official site.
Configuration steps
Enabling OpenID Authentication
As an administrator, go to Settings -> Server Configuration.
Find the OpenID option in the Authentication Settings section and activate this setting to enable OpenID authentication.
Save the changes.
Adding an Identity Provider
As an administrator, navigate to Settings -> Identity Providers.
Click on the + Add button.
Fill in the following fields:
Field Description Provider Select OpenID
from the dropdown menu.ID Enter a unique identifier for the configuration. Configuration name Enter a descriptive name for this configuration. Description Provide a brief description of this identity provider configuration. Icon URL Enter the URL of an icon to represent this provider. Disabled Leave unchecked to enable this identity provider. Client ID The client identifier provided by the OpenID Connect provider. Client Secret A secret key associated with the client ID for authentication. IDP auth endpoint URL The endpoint for initiating the authentication process. IDP token endpoint URL The endpoint for obtaining access and refresh tokens. Custom scopes The custom scopes. Use with ;
delimiter.Name of the user groups attribute Name of the attribute which includes user groups. Name of the user id attribute Name of the attribute containing the user id value. Use if your identity provider doesn’t pass the user id to the standard claims [email, preferred_username, sub]
or you want to use a custom field for the user id.Read user info Check this box to read user profile data using the userinfo
endpoint URL.Name of an AWS role claim Name of the AWS role claim that contains the name of the AWS role. Note: The values for the Client ID, Client Secret, IDP auth endpoint URL, and IDP token endpoint URL depend on the specific OpenID Connect provider being used.
Click on the Create button.
Copy Redirect and Sign out Links:
- Enter the newly created identity provider.
- Copy the Redirect link and the Sign out link.
Update Redirect URIs in your service.
Logging in
With the OpenID configuration now established, proceed to the login screen.
Select the Federated authentication method, labeled with the Configuration name you specified.
Clicking on this authentication method will redirect you to your OpenID provider's sign-in page.
After successfully authenticating with your OpenID provider, you will be automatically redirected and logged into CloudBeaver.