Setting up SSO with OpenID Connect

This article takes an administrator through the process of setting up SSO to use with OpenID Connect (OIDC).

Introduction

OIDC dramatically simplifies the configuration required with an Identity Provider (IdP) to use SSO with Apteco. Providers that support OIDC include our already integrated providers Azure Active Directory, Okta, and OneLogin. If your chosen provider supports OIDC, then you can set up SSO by following the steps below.

Create an account and app with your IdP

Before you can configure SSO with OIDC, you must set up your app.

To create your account:

  1. Choose an IdP.

  2. Follow their registration procedure to create your account. Once you have created and verified your account, you can then create an app.

Set up the app

You must provide a Sign-in Redirect URL (or equivalent) within your IdP configuration.

e.g. https://<yourWebServerURL>/OrbitAPI/signin-oidc

To set up your app:

  1. Make a note of the following from your IdP:

    • Authority URL

    • OIDC Client ID

    • OIDC Client Secret

  2. Use these credentials to configure the Orbit API.

Orbit API configuration

To configure the Orbit API:

  1. Open the Orbit API Configurator.

  2. Click General > External login service options.

  3. Select OpenIdConnect from the Protocol drop-down menu.

  4. Paste in the values for:

    • Authority URL

    • OIDC Client ID

    • OIDC Client Secret

  5. Save the settings.
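
Before saving, the Authority URL and Sign-in Redirect URL can be checked against the metadata the IdP publishes. The Python check below is an added example, not part of the Apteco product or its documentation. It assumes the IdP follows OIDC Discovery and the authorization code flow. The host names and metadata are constructed sample values, and `discovery_url`, `redirect_url` and `preflight` are hypothetical helper names.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of the metadata an IdP publishes at
# <Authority URL>/.well-known/openid-configuration (OIDC Discovery 1.0).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com/tenant1",
  "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
  "token_endpoint": "https://idp.example.com/tenant1/token",
  "jwks_uri": "https://idp.example.com/tenant1/keys"
}""")


def discovery_url(authority):
    """Where the discovery document for this Authority URL lives."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"


def redirect_url(web_server_url):
    """Sign-in Redirect URL in the form this article gives."""
    return web_server_url.rstrip("/") + "/OrbitAPI/signin-oidc"


def preflight(authority, web_server_url, registered_redirects, discovery):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if urlsplit(authority).scheme != "https":
        problems.append("Authority URL must use https")
    # Discovery requires the published issuer to equal the URL it was
    # fetched under; a mismatch usually means a wrong tenant or path.
    if discovery.get("issuer", "").rstrip("/") != authority.rstrip("/"):
        problems.append("issuer does not match Authority URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(key, "")).scheme != "https":
            problems.append(f"{key} missing or not https")
    expected = redirect_url(web_server_url)
    if urlsplit(expected).scheme != "https":
        problems.append("web server URL must use https")
    # Compared as an exact string: a trailing slash or case change counts.
    if expected not in registered_redirects:
        problems.append(f"{expected} is not registered with the IdP")
    return problems


if __name__ == "__main__":
    print(discovery_url("https://idp.example.com/tenant1"))
    for p in preflight("https://idp.example.com/tenant1", "https://orbit.example.com",
                       ["https://orbit.example.com/OrbitAPI/signin-oidc/"], SAMPLE_DISCOVERY):
        print("PROBLEM:", p)
```

In practice, `discovery` would be the JSON fetched from `discovery_url(authority)` and `registered_redirects` the redirect URLs entered in the IdP's app configuration.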

Allow auto-registration

This is an optional step that allows auto-registration for unknown users logged in via single sign-on.

To allow auto-registration:

  1. Click Test > Session service.

  2. Check the box to Allow auto-registration for unknown users logged in via Single Sign-On providers.

This option means you don’t need to create users in advance. They are created automatically when logging in through the SSO mechanism for the first time.

You must now Configure Apteco to use SSO to complete the setup process.