The purpose of this article is to describe the steps involved, information needed, and order of operations to properly set up the OnBoard SSO application inside of your Identity Provider.
This will cover OIDC setup methods.
Note: SAML is recommended and is also a slightly less involved setup process. Please see this article to implement using SAML: IT - Single Sign-On Application Setup for SAML Identity Providers
OIDC Setup (only use this method if you cannot use SAML)
- Create a new OIDC SSO application in your Identity Provider using email as the User/Name ID format.
- Share the following pieces of information with your organization’s OnBoard administrator, who will input that information into OnBoard:
  - Authority (this is the Audience URI and is unique per provider)
  - Client ID
  - Client Secret
- After that, OnBoard’s team will complete a few configuration steps on their side.
- OnBoard will then share back a redirection URL for you to enter into the OIDC application in your IdP.
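As an added example (not part of OnBoard's documentation or tooling), the following pre-flight check is one way an IdP administrator could validate the values from the steps above before they are exchanged. It assumes the Authority is the provider's OIDC issuer URL and that the authorization code flow is used; the `idp.example.com` and `onboard.example.com` URLs and the discovery document are constructed sample data.

```python
from urllib.parse import urlsplit

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def _https_problems(label, url):
    """Return problems for a URL that must be absolute https without a fragment."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https" or not parts.netloc:
        problems.append(f"{label} must be an absolute https URL")
    if parts.fragment:
        problems.append(f"{label} must not contain a fragment")
    return problems

def check_oidc_values(authority, discovery, redirect_uri):
    """Check the values exchanged during OIDC setup; returns a list of problems."""
    problems = _https_problems("authority", authority)
    if urlsplit(authority).query:
        problems.append("authority must not contain a query string")
    # OIDC Discovery requires an exact issuer match; a trailing slash breaks it.
    if discovery.get("issuer") != authority:
        problems.append(f"issuer {discovery.get('issuer')!r} != authority {authority!r}")
    for key in REQUIRED_ENDPOINTS:
        if key not in discovery:
            problems.append(f"discovery document lacks {key}")
        else:
            problems += _https_problems(key, discovery[key])
    # Assumption: a client secret is in use, so the authorization code flow applies.
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("authorization code flow (response type 'code') not offered")
    # Email is the user identifier; scopes_supported is optional, so absence passes.
    if "email" not in discovery.get("scopes_supported", ["email"]):
        problems.append("provider does not list the 'email' scope")
    problems += _https_problems("redirect_uri", redirect_uri)
    if "*" in redirect_uri:
        problems.append("redirect_uri must be an exact URL, not a wildcard")
    return problems

# Constructed sample values; replace with your provider's real data.
SAMPLE_AUTHORITY = "https://idp.example.com/tenant-a"
SAMPLE_REDIRECT = "https://onboard.example.com/signin-oidc"
SAMPLE_DISCOVERY = {
    "issuer": SAMPLE_AUTHORITY,
    "authorization_endpoint": SAMPLE_AUTHORITY + "/authorize",
    "token_endpoint": SAMPLE_AUTHORITY + "/token",
    "jwks_uri": SAMPLE_AUTHORITY + "/keys",
    "response_types_supported": ["code"],
    "scopes_supported": ["openid", "email", "profile"],
}
```

In practice the discovery document is the JSON served at the Authority's `/.well-known/openid-configuration` path; an empty result list means the values are consistent.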
From the Admin side back in OnBoard:
- Log in to OnBoard and click on Settings in the left navigation.
- Click on the Security tab at the top of the screen.
- Click the toggle on the Enable SSO option.
- Set the Authentication Framework to OIDC, and select your Provider.
- Paste in the Authority/Audience URI from the Identity Provider side.
- Enter the Display Name. This would usually be something related to your organization.
- Enter the OAuth Client ID in Client ID.
- Enter the OAuth Client Secret in Client Secret.
- If you would like to enforce SSO login for the organization, check the Enforce SSO for this organization option.
Important Note: Enforcing SSO for the organization will require users to access the organization through their pre-existing SSO credentials.
- Click Save Changes at the top of the Enable SSO panel.
- Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.