Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            OpenID Connect (OIDC) configuration

            Prerequisites

            You need an Identity Provider that supports OpenID Connect (OIDC) federation protocol with implicit flow (we've only experienced issues with Jumpcloud's response modes not matching). 

             

            Process

            Activating the SSO for your organization is easy and is done in four steps:

             

            1. Fill in the form to request the activation of SSO.

            It will create a ticket for our support team that'll be in charge of activating the SSO.

             

            2. Configure an OIDC connection in your Identity Provider.

            Please refer to your IdP documentation to do so.

             

            You will need the following information:

             

            3. Send the requested information to our support team

            Just reply to the created support ticket with the data required so the support team can activate your connection.

             

            You will need to send us:

            • Discovery URL: a public URL that links to your Identity Provider configuration (often containing /.well-known in the address)
            • Client ID: generated upon creation of the connection in your Identity Provider
            • Client secret: if using the back-channel option, otherwise not needed
            • List of domains: the domains that'll be redirected to your Identity Provider for authentication
            • Due date: The date you wish the SSO to be activated, if not provided it'll be handled asap.



            4. SSO activation

            The support team will activate your SSO connection for the CybelAngel platform according to the Due date you provided. 



            FAQ

            Q. Can I have multiple Identity Providers set for my organization?

            A. Yes, you can. You just need to make sure each IdP has no domain in common and make two separate requests to the support using the landing page.

             

            Q. How can I secretly share my client secrets with CybelAngel?

            A. You can use any secret sharing solution with self-expiring links, like onetimesecret for example.

             

            Q. I'm using Sign&Go and SSO is not working

            A. When using the Sign&Go solution, you must activate JWT tokens and input the signature given by your access provider.

             

            Q. Can you provide an example of configuration with Okta?

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0