Configuring OpenID Connect
OneLogin can be used as an external login provider for Therefore™. The exact process and UI options are managed by OneLogin and can be subject to change from their side at any time.
Configuration in OneLogin
In the OneLogin portal, an application has to be created.
Check that the following settings are configured for the application:
-
The application type should be OpenID Connect
-
If Therefore™ should retrieve user roles directly from OneLogin, the default for field groups has to be set to User Roles with Semicolon Delimited input (Multi-value output)
-
In addition to the application, API credentials need to be configured. Read Users permissions are sufficient for the use as an external user database.
Redirect URIs
For the configuration of the application in OneLogin, redirect URIs for Therefore™ applications are necessary. They can be found here:
Configuration in Therefore™
To configure OneLogin as an external login provider, select the option 'OneLogin' under 'External User Directories'.
Enter the following values into the respective fields in the dialog of the Therefore™ Solution Designer:
| OneLogin Label | Therefore™ Setting | Description |
|---|---|---|
| Client ID | Therefore™ Client ID |
The ID of the OneLogin application used by Therefore™ for login |
| API Settings | ||
| Client ID | Client ID | The client ID used for the API credentials configured for Therefore™ |
| Client Secret | Client secret | The value of the client secret used for the API credentials configured for Therefore™ |