The purpose of this article is to describe the steps involved, information needed, and order of operations to properly set up the OnBoard SSO application inside of your Identity Provider.
This will cover OIDC setup methods.
Note: SAML is recommended and is also a slightly less involved setup process. Please see this article to implement using SAML: IT - Single Sign-On Application Setup for SAML Identity Providers
(Only use this method if you cannot use SAML.)
- Create a new OIDC SSO application in your Identity Provider using email as the User/Name ID format.
- Share the following pieces of information with your organization’s OnBoard administrator, who will enter that information into OnBoard:
- Authority (this is the Audience URI and is unique per provider)
- Client ID
- Client Secret
- After that, OnBoard’s team will have a few configuration pieces that they’ll process.
- OnBoard will share back a redirection URL to plug back into the OIDC application in your IdP.
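Before handing the three values over, it helps to check them against the IdP's discovery document. The sketch below is an added example, not OnBoard's or any IdP's code; it assumes the Authority is the IdP's OIDC issuer URL and that the IdP publishes a discovery document per OpenID Connect Discovery 1.0. The function name `check_handoff` and all sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of the document an IdP publishes at
# <authority>/.well-known/openid-configuration (OpenID Connect Discovery 1.0).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
    "jwks_uri": "https://idp.example.com/oauth2/default/v1/keys",
}


def _is_https(url, allow_query=True):
    """True if url is an https URL with a host (optionally forbidding query/fragment)."""
    if not isinstance(url, str):
        return False
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        return False
    return allow_query or not (parts.query or parts.fragment)


def check_handoff(authority, client_id, client_secret, discovery):
    """Return a list of problems with the values to be shared; empty means none found."""
    problems = []
    # An issuer URL is https and carries no query string or fragment.
    if not _is_https(authority, allow_query=False):
        problems.append("authority is not a clean https URL")
    # Discovery requires the issuer to match exactly, so a trailing slash
    # or a different path is a mismatch even if the host is right.
    if discovery.get("issuer") != authority:
        problems.append("discovery issuer differs from authority")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not _is_https(discovery.get(key)):
            problems.append(f"{key} missing or not https")
    # Copy-paste damage: empty values or stray whitespace around them.
    for name, value in (("client_id", client_id), ("client_secret", client_secret)):
        if not value or value != value.strip():
            problems.append(f"{name} is empty or has surrounding whitespace")
    if client_id and client_id == client_secret:
        problems.append("client_secret is identical to client_id")
    return problems


if __name__ == "__main__":
    print(check_handoff("https://idp.example.com/oauth2/default",
                        "constructed-client-id", "constructed-client-secret",
                        SAMPLE_DISCOVERY))
```

In practice the `discovery` argument would be the JSON fetched from your own IdP rather than the constructed sample.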
From the Admin side back in OnBoard:
- Log in to OnBoard and click on Settings in the left navigation
- Click on the Security tab at the top of the screen.
- Click the toggle on the Enable SSO option.
- This will expand the SSO options. Then click on "Set Domain."
- Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.
- On the next screen you'll be prompted for an Authentication Code:
- To get it, check the inbox of the email address entered in the prior step, which should receive an email containing an Authentication Code. Copy this code.
- Paste it into the Code box, or enter the code manually if copying and pasting won't work. Then click Next.
- This will return us to the Enable SSO options, and we can now click the "Configure Provider" button.
- Set the Authentication Framework to OIDC, and set your Provider in the Provider dropdown, then click Next.
- Paste in the Authority/Audience URI from the Identity Provider side.
- Enter the Display Name. This usually would be something related to your organization.
- Enter the OAuth Client ID into Client ID, the OAuth Client Secret in Client Secret, then click "Set Configuration."
- If you would like to enforce SSO login for the organization, check the Enforce SSO for this organization option.
Important Note: Enforcing SSO for the organization will require ALL users to access the organization through their pre-existing SSO credentials. If they do not have an SSO account, they will be unable to log in to the organization.
- Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.