OpenID Connect configuration guide

Note

OpenID Connect is a single sign-on method that allows users to log in once and then gain access to other applications.

Concepts

OpenID Connect authentication involves two parties:

1. Service Provider: The application that the user is trying to connect to. In our case, this is S-Filer Portal.
2. Identity Provider: Performs authentication and passes the user's identity to the service provider. Several identity providers support OpenID Connect authentication, including Microsoft, Google and Salesforce.

Here are the main steps in the OpenID Connect authentication workflow:

1. The unauthenticated user attempts to access the service provider.
2. The service provider determines the identity providers available for authentication.
3. The user enters their credentials to the selected identity provider with an OpenID Connect request.
4. The identity provider validates the credentials and an identity token is sent back to the service provider.
5. The user is now authorized to access the application.

Configuration

To Configure OpenID Connect, first some steps need to be done in the identity provider, then S-Filer is configured using information from the identity provider.

The configuration required to enable authentication with OpenID Connect differs from one identity provider to another. The following subsections give detailed instructions for each of the providers we tested with S-Filer Portal.

• Google
• Microsoft
• Salesforce

Then configure S-Filer Portal:

• Configuring S-Filer Portal