Login With OpenID Connect (OIDC)

OpenID Connect (OIDC) is a Single Sign-On (SSO) authentication process that lets you sign in once with one set of credentials. Instead of remembering a separate set of credentials for each application, you log in once.

For example, if you log in to a Google service such as Gmail, you are automatically authenticated to Google apps. Likewise, if you log in to Gmail and then try to log in to the EIIG platform, you will be automatically signed in if OIDC is configured for your EIIG account.

Azure OpenID Configuration

Follow these steps to configure OpenID Connect.

Step 1: Create an APP

Go to App registration.

  • Provide a name for the app. (For example, EIIG-dev)

  • Under Supported account type, select Accounts in this organizational directory only.

  • Provide a Redirect URL. (For example, eiigdev.orionic.com/oidc)

  • Click Register.

  • Record the Application ID and Tenant ID values; they are needed in Step 5.

Step 2: Token Configuration

  • Add Optional claims.

  • Under Token Type select ID.

  • Under Claim select email, family_name, given_name, and upn.

  • Click Add.

  • Select Turn on the Microsoft Graph email, profile permission.

  • Click Add.

Step 3: Add Group Claims

  • Select Group Claims.

  • Under Customize token properties by type, expand ID.

  • Under ID select Group ID.

  • Click Add.

Step 4: Security Group

  • Skip this step if you already have security groups.

  • Otherwise, create a security group in Entra and add the required users.

Create a separate security group for each type of access required in the EIIG app.

Step 5: Configure OIDC in EIIG

Use the values recorded in Step 1 and follow the instructions below.

  • Click External Integrations.

  • Enable OpenID Connect.

  • In Client, enter the client name/client ID (the Application ID recorded in Step 1).

  • In Provider URL, enter https://login.microsoftonline.com/<Your_App_Tenant_ID>/v2.0, replacing <Your_App_Tenant_ID> with the Tenant ID recorded in Step 1, to sign in to your account.

  • The Redirect URL is captured by default and must match the Redirect URL configured in the Azure app (Step 1).

  • The Scopes field is blank by default.

  • Organization Role Mapping lets you add the users of an OpenID group to a specific organization. To do this, click the Add button under Organization Role Mapping.

  • Select an organization from the Select Organization drop-down.

  • Select an organization role from the Select Organization Role drop-down.

  • In OpenID Group, enter the mapped Azure Group ID.

  • Click Add; repeat these steps to map multiple organizations.

  • Profile To Group Mapping lets you apply user profiles to OIDC groups. The settings of the selected user profile are applied to every user in the specified OIDC group, taking effect when the user logs in.

When an OIDC group is added to two different user profiles, it will remain mapped to the profile that was mapped first.

When a user switches OIDC groups, the user profile linked to the new group will take precedence.

When the Enterprise Admin deletes a user from a user profile mapped to an OIDC group, the OIDC group settings will take precedence at the user's next login to EIIG, automatically re-adding the user to that profile.

Multiple OIDC Groups can be assigned to one user profile.

  • To add one or more profiles to an OIDC group, click the Add button under Profile To Group Mapping.

  • The Profile To Group Mapping fields are displayed.

  • Select a user profile from the Select Profile drop-down and provide the Open ID Group details.

  • Click Save to configure OpenID Connect.
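The following Python snippet is an added example, not EIIG's or Azure's own code. It shows how the Provider URL check and the two mappings configured in Step 5 resolve against the claims of an ID token that has already been signature-verified; the tenant ID placeholder, client ID, group IDs, organization names and profile names are all constructed for the example.

```python
# Added example, not EIIG or Azure code: resolves the Organization Role Mapping and
# Profile To Group Mapping from a signature-verified ID token. All IDs are constructed.
TENANT_ID = "<Your_App_Tenant_ID>"  # placeholder: the Tenant ID recorded in Step 1
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"

# Organization Role Mapping: Azure Group ID -> (organization, organization role)
ORG_ROLE_MAPPING = {
    "grp-admins-1111": ("Orionic", "Enterprise Admin"),
    "grp-analysts-2222": ("Orionic", "Analyst"),
    "grp-readers-3333": ("Subsidiary", "Viewer"),
}

# Profile To Group Mapping in configuration order. A group mapped to two profiles
# stays with the profile mapped first, so the third entry below has no effect.
PROFILE_TO_GROUP_MAPPING = [
    ("Admin Profile", {"grp-admins-1111"}),
    ("Standard Profile", {"grp-analysts-2222", "grp-readers-3333"}),
    ("Restricted Profile", {"grp-analysts-2222"}),
]

def group_to_profile():
    """Flatten the mapping so each group keeps the profile it was mapped to first."""
    result = {}
    for profile, groups in PROFILE_TO_GROUP_MAPPING:
        for group in groups:
            result.setdefault(group, profile)
    return result

def validate_claims(claims, client_id):
    """Reject tokens from another tenant or app, or lacking the Step 2 optional claims."""
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("issuer does not match the configured Provider URL")
    if claims.get("aud") != client_id:
        raise ValueError("token was not issued for this Client ID")
    for name in ("email", "given_name", "family_name", "upn"):
        if name not in claims:
            raise ValueError(f"optional claim {name} is missing from the ID token")
    if "groups" not in claims and "_claim_names" in claims:
        # Entra omits the group list for users in many groups (group overage).
        raise ValueError("group overage: Group IDs are not present in the ID token")

def resolve_org_roles(claims):
    """Organization roles granted by the user's current Group IDs at this login."""
    return sorted(ORG_ROLE_MAPPING[g] for g in claims.get("groups", []) if g in ORG_ROLE_MAPPING)

def resolve_profiles(claims):
    """Profiles applied through the user's current groups; a new group takes precedence."""
    lookup = group_to_profile()
    return sorted({lookup[g] for g in claims.get("groups", []) if g in lookup})
```

Because both resolvers read the groups present in the current token, a user who changes groups or is removed from a profile is re-mapped at the next login, as the notes above describe.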