OpenID Connect

OpenID is a decentralized authentication protocol that allows users to authenticate with multiple websites using a single set of login credentials. It enables users to create a single digital identity that can be used across different websites and services without having to create a new account or remember multiple usernames and passwords.
OpenID works by providing users with an OpenID URL, a unique identifier for their digital identity. When a user logs in, they are redirected to their OpenID provider's website to authenticate themselves. Once authenticated, the OpenID provider sends a token back to the website, verifying the user's identity and allowing them to access the site.
OpenID is an open standard. It is supported by a wide range of websites and services and designed to be interoperable with other authentication protocols like OAuth.

Configuring OpenID

Step 1: Log in to PlexTrac as a global admin or tenant admin.
Step 2: Navigate to the Account Admin page. Click Security under "Security & User Management."
Step 3: Click Authentication Methods under "Authentication."
Step 4: From the OAuth Providers tab, select "OpenID Connect" from the dropdown menu under "Authentication Providers."
Step 5: Enter values for the following:
  • .well-known Configuration: The URL to the provider's .well-known configuration. The ".well-known" directory is a standardized way for web applications and services to expose metadata about themselves. One of the most commonly used files in the .well-known directory is the "openid-configuration" file, which provides metadata about the OpenID Connect provider in use by the web application. The file specifies the authorization and token endpoints, the supported scopes and claims, and the public keys used to sign and verify ID tokens.
  • Identifier: The identifier provided by the IDP.
  • Secret: The secret value provided by the IDP.
PlexTrac makes a request to the provided .well-known Configuration’s authorization endpoint with the following query string parameters:
  • client_id
  • redirect_uri
  • response_type=code
  • scope=openid email
  • state
Validate that the authorization endpoint supports the “code” response type, as well as the “openid” and “email” scopes.
Step 6: Enable this service by toggling the Enabled button to the right. Click Save.
Step 7: Go back to "Security & User Management" and click Users.
Step 8: Under the column header "Authentication Provider," select the desired user and change the value to "OpenID Connect."
Each user has to be configured individually.
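
The validation asked for in Step 5 can be done against the provider's discovery document before the configuration is saved. The following is an added example, not PlexTrac's own code: it checks a constructed openid-configuration document for the "code" response type and the "openid" and "email" scopes, then assembles the authorization request with the parameters listed in Step 5. The host idp.example, the client ID and the redirect URI are placeholders.

```python
import json
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample of an openid-configuration document (idp.example is a placeholder).
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example",
  "authorization_endpoint": "https://idp.example/oauth2/authorize",
  "token_endpoint": "https://idp.example/oauth2/token",
  "jwks_uri": "https://idp.example/oauth2/keys",
  "response_types_supported": ["code", "id_token"],
  "scopes_supported": ["openid", "email", "profile"]
}
""")

REQUIRED_SCOPES = {"openid", "email"}


def check_discovery(doc):
    """Return the problems that would break the authorization request from Step 5."""
    problems = []
    if urlsplit(doc.get("authorization_endpoint", "")).scheme != "https":
        problems.append("authorization_endpoint missing or not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not supported")
    # scopes_supported is optional metadata; if absent, confirm the scopes with the IdP.
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return problems


def build_authorization_url(doc, client_id, redirect_uri, state=None):
    """Assemble the request with the five query parameters listed in Step 5."""
    endpoint = doc["authorization_endpoint"]
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid email",
        "state": state or secrets.token_urlsafe(16),  # unguessable per-request value
    })
    # Some providers publish an endpoint that already carries a query string.
    return endpoint + ("&" if urlsplit(endpoint).query else "?") + query


if __name__ == "__main__":
    print(check_discovery(SAMPLE_DISCOVERY) or "discovery document OK")
    print(build_authorization_url(SAMPLE_DISCOVERY, "example-client-id",
                                  "https://plextrac.example/callback"))
```

An empty list from check_discovery means the document advertises everything the request needs; any entry in the list is something to resolve with the IDP before enabling the provider.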
© 2023 PlexTrac, Inc. All rights reserved.