Admin
      Back to home
      1. Help Center
      2. Getting Started
      3. Admin

      Single Sign-On

      OpenID Connect (OIDC) is a federated protocol that provides an identity layer that is built on OAuth 2.0. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server. OIDC is the only protocol we support.

      Identity Provider (IDP) is an OAuth 2.0 authorization server that offers authentication as a service. It ensures the end-user is authenticated. E.g. Google, Ping, Azure, Okta, etc.

      The End User, Identity Provider (IDP), and Application are the main participants.

      User Flow:

      • End-user navigates to a predetermined login page (e.g. accounts.infosum.com/login/google).
      • This URL gets redirected to the IDP with a callback URL and a CSRF token.
      • The user attempts to log in, if successful, then will be sent to the callback URL with an access code.
      • The application checks the CSRF token for integrity and then uses the access token to get an ID and access token.
      • The access token is validated.
      • The ID token is used to get more detail about the user.
      • If the user exists, a session cookie is set, and they are redirected to the Application.
      • If the user does not exist, a login ID and a user profile is created. Then the above step is performed.

      Implementation:

      1. Customer provides the name of their IDP/SSO provider to Infosum
      2. Infosum creates an ID connector on our end.
      3. Infosum provides the below information to customers:
          1. Redirect or Callback URL - This is where the IDP sends authentication responses.
          2. Login URL - Login page URL
      4. The customer needs to provide us with the following information:
          1. Client ID - This is obtained from the configuration page of your identity provider.
          2. Client secret - As above. This field is sensitive so be mindful when copying it around. The secret is encrypted in the database.
          3. Discover URI (also known as Discovery Document) - This is a URL that lists the configuration necessary for the identity provider to operate. This information is fixed at the location: https://<idp-hostname>/.well-known/openid-configuration, where <idp-hostname> is the hostname of IDP
          4. Email Domains - All email domains that customer wants to associate with their ID provider
          5. Image URL - This field is optional. If it is provided, then this image will appear on the sign-in page.
      5. Customer ID provider will be configured in the Infosum platform.

      Note: Infosum doesn’t have a sandbox configuration for customer interactions. However, we are very happy to build a connector for the customer's sandbox account to support testing. Once everything works as expected, Infosum deletes the sandbox connector and creates the production one.