Read below to learn how to configure SSO for the OpenID Connect standard.
Go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Authentication ➜ SSO.
If you do not see SSO ➜ OpenID in the sidebar, make sure it is enabled and published to the environment.
After clicking the OpenID Manage button, insert your redirect URL and save the changes. If you are using the Hosted login method, the Redirect URL should be https://[your-frontegg-domain].frontegg.com/oauth/account/oidc/callback.
If you are using the Embedded Login method, the Redirect URL should be [your-application-url]/account/saml/callback, for example: http://localhost:3000/account/oidccallback.
When using a custom domain
We strongly encourage you to configure a custom domain in your Frontegg app before configuring your OpenID connection, as it may require some downtime to change it retroactively after configuring your connection. Custom Domains are beneficial for a number of reasons, such as avoiding cookie issues and enhancing your brand. Learn more about Custom Domains.
If you opt not to configure a custom domain, use your
frontegg subdomainfollowed by
/auth/oidc/callbackfor your ACS URL.
After configuring OIDC in the Frontegg Portal, you can allow your end users either to apply the SSO connection via the Self-service or apply the connection details from their IDP on their behalf, via the Backoffice ➜ Accounts ➜ Account ➜ Actions SSO ➜ Configurations.
For enabling the SSO tab in the Self-Service for your end users:
Admin portal integration
Make sure that you have integrated the Admin portal into your application as described in (doc:react-self-service).
After the SSO tab is enabled, your customers can follow the instructions for adding the details of the connection from the IDP - here.
For OpenID there is no option to map roles to groups from the Self-Service UI (Admin portal). It can be applied only via APIs or the Backoffice.
For applying the SSO connection on behalf of your customers, you can use the back office or do it by using our APIs.
Updated 10 days ago