OpenID Connect

OpenID is a decentralized authentication protocol allowing users to authenticate with multiple websites using a single login credentials. It enables users to create a single digital identity that can be used across different websites and services without creating a new account or remembering multiple usernames and passwords.

OpenID provides users with an OpenID URL, a unique identifier for their digital identity. When users log in, they are redirected to their OpenID provider's website to authenticate themselves. Once established, the OpenID provider sends a token back to the website, verifying the user's identity and allowing them to access the site.

OpenID is an open standard. It is supported by many websites and services and designed to be interoperable with other authentication protocols like OAuth.

Configuring OpenID

Step 1: Log in to PlexTrac as an admin.

Step 2: Navigate to the Account Admin page. Click Security under "Security & User Management."

Step 3: Click Authentication Methods under "Authentication."

Step 4: From the OAuth Providers tab, select "OpenID Connect" from the dropdown menu under "Authentication Providers."

Step 5: Enter values for the following:

.well-known Configuration: The URL to the provider's .well-known configuration. The ".well-known" directory is a standardized way for web applications and services to expose metadata about themselves. One of the most commonly used files in the .well-known directory is the "openid-configuration" file, which provides metadata about the OpenID Connect provider used by the web application. The file specifies the authorization and token endpoints, the supported scopes and claims, and the public keys used to sign and verify ID tokens.
Identifier: The identifier provided by the IDP.
Secret: The secret value provided by the IDP.

PlexTrac requests to the provided .well-known Configuration’s authorization endpoint with the following query string parameters:

client_id
redirect_uri
response_type=code
scope=openid email
state

Validate that the authorization endpoint supports the “code” response type, as well as the “openid” and “email” scopes.

Step 6: Toggle on the Enabled button. Click Save.

Step 7: Return to "Security & User Management" and click Users.

Step 8: Under the column header "Authentication Provider," select the desired user and change the value to "OpenID Connect."

Each user has to be configured individually.

PreviousOkta NextSAML Setup

Last updated 1 year ago

Was this helpful?