OIDC Configuration

erm4sn supports authentication via OpenID Connect (OIDC), enabling users to log in securely using identity providers such as Microsoft Azure AD, Okta, LinkedIn, and others.

Configuring an OIDC Provider

To integrate erm4sn with an OIDC provider, configure the following parameters in your identity provider’s settings:

Required OIDC Settings

| Setting | Value Example | Description |
| --- | --- | --- |
| Client ID | your-client-id | Unique identifier assigned by the OIDC provider. |
| Client Secret | your-client-secret | Secret key for authentication (keep this secure). |
| Redirect URI | https://customer.try.erm4sn.com/login/oidc-resolve | The URL where the OIDC provider redirects after authentication. |
| Logout URL | https://customer.erm4sn.com/login/oidc-logout | Redirect URL for logout. |

Configuring OAuth 2.0 Scopes

Scopes define what the application can access on behalf of the user. These scopes should be set in your OIDC provider:

| Scope | Purpose |
| --- | --- |
| openid | Enables authentication via OIDC and allows identity verification. |
| profile | Grants access to the user's name and photo. |
| email | Provides the user's primary email address. |

OAuth Consent Screen

When users log in, they will see a consent screen listing the requested scopes and permissions. Ensure the descriptions align with your provider’s OAuth experience.

Example OIDC Provider Configurations

Microsoft Azure AD OIDC Configuration

  1. Go to: Azure Portal → Azure Active Directory → App Registrations.

  2. Click "New Registration", and set the redirect URI to: https://customer.try.erm4sn.com/login/oidc-resolve

  3. Under Authentication, enable ID tokens.

  4. Copy the Client ID and Client Secret from the Certificates & Secrets section.

  5. Under API Permissions, add:

  • openid
  • profile
  • email

  6. Save the configuration and use the Issuer URL, Token Endpoint, and User Info Endpoint from Azure in your erm4sn settings.

Okta OIDC Configuration

  1. Go to: Okta Admin Console → Applications → Create App Integration.

  2. Select OIDC – OpenID Connect and Web Application.

  3. Set the redirect URI to: https://customer.try.erm4sn.com/login/oidc-resolve

  4. Under General Settings, enable ID Tokens and set response type to code.

  5. Under Scopes, add:

  • openid
  • email
  • profile

  6. Save the configuration and use Okta’s Issuer URL and endpoints in erm4sn.

LinkedIn OIDC Configuration

  1. Go to: LinkedIn Developer Portal → My Apps.

  2. Click Create App and configure the OAuth 2.0 settings.

  3. Set the Authorized Redirect URLs to: https://customer.try.erm4sn.com/login/oidc-resolve

  4. Under OAuth Scopes, add:

  • openid
  • email
  • profile

  5. Copy the Client ID and Client Secret and configure them in erm4sn.

Testing OIDC Authentication

Once the configuration is complete:

  1. Log out of erm4sn and navigate to the login page.
  2. Click Sign in with OIDC Provider.
  3. Authenticate using your configured OIDC provider.
  4. Upon successful login, you should be redirected to erm4sn with your user account created or updated.
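The authorization-code handshake behind the login steps above, as an added example that is not erm4sn's own code: it builds the authorization request with this page's redirect URI and scopes, binds the callback to the browser session with `state`, and checks the returned ID token's claims (`iss`, `aud`, `exp`, `nonce`). The issuer URL, the authorize endpoint and the sample callback are placeholders, and the JWT signature is assumed to have been verified against the provider's JWKS before the claim check runs.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Values taken from this page's settings and scope tables; the issuer is a
# placeholder for the Issuer URL your provider reports.
REDIRECT_URI = "https://customer.try.erm4sn.com/login/oidc-resolve"
SCOPES = ("openid", "profile", "email")
CLIENT_ID = "your-client-id"
ISSUER = "https://issuer.example"  # placeholder


def build_auth_request(authorize_endpoint):
    """Build the code-flow authorization URL plus the per-login session values.
    state ties the callback to this browser session (CSRF defence);
    nonce ties the returned ID token to this login (replay defence)."""
    session = {"state": secrets.token_urlsafe(32), "nonce": secrets.token_urlsafe(32)}
    params = {
        "response_type": "code",  # authorization-code flow, as the Okta step requires
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return authorize_endpoint + "?" + urlencode(params), session


def check_callback(callback_url, session):
    """Return the authorization code only if the callback belongs to our session."""
    parsed = urlparse(callback_url)
    # Codes must arrive on the exact registered redirect URI, nothing else.
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback arrived on an unregistered redirect URI")
    query = parse_qs(parsed.query)
    if query.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch: stale login or CSRF attempt")
    if "code" not in query:
        raise ValueError(query.get("error", ["no code in callback"])[0])
    return query["code"][0]


def validate_id_token_claims(claims, session, now=None):
    """Claim checks from OIDC Core 3.1.3.7. Run these only after the ID token's
    signature has been verified against the provider's JWKS (not shown here)."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud_ok = aud == CLIENT_ID or (isinstance(aud, list) and CLIENT_ID in aud)
    return (claims.get("iss") == ISSUER and aud_ok
            and claims.get("exp", 0) > now and claims.get("nonce") == session["nonce"])
```

A `state` mismatch or a callback on any host other than the registered redirect URI is rejected before the code is ever exchanged, which is the check that makes the exact Redirect URI setting above matter.
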

Best Practice

For enhanced security, enable short-lived tokens and refresh token rotation in your OIDC provider settings.