Use Case: We offer a generic OpenID Connect (OIDC) SSO option for identity providers that we do not have a dedicated integration for. If you use Microsoft Azure or Google, we have dedicated SSO options for those providers.
To set up OIDC on your white label application, we need the following information from your OIDC provider:
Client ID - The client ID is unique to your organization, and will be retrieved from your provider.
Client Secret - The client secret is unique to your organization and will be retrieved from your provider.
Authorize URL - URL to retrieve an authorization grant.
Token URL - URL to retrieve a token.
User Information URL - URL to retrieve the user information.
Scopes - The scopes needed to access the required user information. The openid scope must be included.
Login Attribute - the unique identifier that will be used to identify the logged-in user, for example, email.
We request the scopes for openid, profile, and email. However, for the account to function we only require the unique identifier of the user to be returned to us from an authenticated user. The other values are optional and only serve to simplify the signup process and personalize the user's account.
If the provider allows a redirect URI to be set, we require this to be set to https://react-dot-platform-151821.uc.r.appspot.com/oauth2/oidc/login/YOURIDHERE
The database ID will be provided by Interplay Learning. Please reach out to firstname.lastname@example.org if you are ready to implement and do not have the ID.
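A pre-submission check for the settings listed above, as an added example (not Interplay Learning's code): it validates the endpoint URLs and scopes, builds the authorization request, and confirms the Login Attribute is present in a user information response. The function names and the idp.example.com values are assumptions constructed for illustration.

```python
# Added example: helper names are hypothetical; all sample values are constructed.
import secrets
from urllib.parse import urlencode, urlsplit

REQUIRED = ("client_id", "client_secret", "authorize_url", "token_url",
            "userinfo_url", "scopes", "login_attribute")


def check_settings(cfg):
    """Return a list of problems with the settings; an empty list means OK."""
    problems = [f"missing {k}" for k in REQUIRED if not cfg.get(k)]
    for key in ("authorize_url", "token_url", "userinfo_url"):
        url = cfg.get(key)
        if url and (urlsplit(url).scheme != "https" or not urlsplit(url).netloc):
            problems.append(f"{key} must be an absolute https URL")
    if "openid" not in (cfg.get("scopes") or "").split():
        problems.append("scopes must include openid")
    return problems


def authorization_url(cfg, redirect_uri, state=None):
    """Build the authorization-code request sent to the Authorize URL."""
    state = state or secrets.token_urlsafe(16)  # echoed back; compare on return
    query = urlencode({
        "response_type": "code", "client_id": cfg["client_id"],
        "redirect_uri": redirect_uri,
        "scope": cfg["scopes"],
        "state": state,
    })
    return f"{cfg['authorize_url']}?{query}", state


def login_identifier(cfg, userinfo):
    """Pull the login attribute out of a User Information URL response."""
    value = userinfo.get(cfg["login_attribute"])
    if not isinstance(value, str) or not value.strip():
        raise ValueError(f"userinfo has no usable {cfg['login_attribute']!r}")
    return value.strip()


# Constructed sample values, not a real provider or tenant.
SAMPLE = {
    "client_id": "example-client", "client_secret": "example-secret",
    "authorize_url": "https://idp.example.com/oauth2/authorize",
    "token_url": "https://idp.example.com/oauth2/token",
    "userinfo_url": "https://idp.example.com/oauth2/userinfo",
    "scopes": "openid profile email", "login_attribute": "email",
}
```

Running `check_settings` against your own values and `login_identifier` against a user information response captured from a test login shows whether the chosen Login Attribute is actually returned for the requested scopes.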
Just-in-Time Provisioning
It is possible to automatically provision users from your OIDC provider into your SkillMill white label. We can do this with only the required information above. However, if you want to match things like group structures or roles, we will need to know the URLs to retrieve this information from your account.
For more information about the process we use, refer to the OpenID Connect documentation or contact your Interplay Learning sales or customer support representative.