Generic OIDC

This option can be used to configure any provider that offers the OpenID / OIDC protocol to integrate with Therefore™. Configuration varies by provider.

Configuration in the external provider's portal

A custom client has to be defined in the external directory.

Redirect URIs

For the configuration of the custom client, redirect URIs for Therefore™ applications are necessary. They can be found here:

Redirect URI Compilation

Configuration in Therefore™

To configure Generic OIDC with an external login provider, select the option 'Generic OIDC' under 'External User Directories'. Enter the domain into the filed labeled Domain / Directory name.

Click the button labeled 'Auto-Detect'. A dialog labeled 'OIDC Discovery Endpoint' opens. Enter the OIDC discovery URL and click OK. The other settings in the dialog are auto-populated based on the input, except for the Therefore™ Client ID that has to be entered manually.

Enter the following values into the respective fields in the dialog of the Therefore™ Solution Designer:

Provider Label Therefore™ Setting Description

Depends on the provider

OIDC Discovery Endpoint

Provider Label	Therefore™ Setting	Description
Depends on the provider	OIDC Discovery Endpoint	Enter the OIDC discovery URL to auto-populate the other settings. In case of a configuration using Google, the URL follows the pattern specified below: `https://accounts.google.com/.well-known/openid-configuration`
Depends on the provider	Therefore™ Client ID	The ID of the custom client configured in the external directory

Enter the OIDC discovery URL to auto-populate the other settings. In case of a configuration using Google, the URL follows the pattern specified below:

https://accounts.google.com/.well-known/openid-configuration

Depends on the provider Therefore™ Client ID The ID of the custom client configured in the external directory

Users

For generic OIDC it is always required to manually create the SAML/OIDC users before configuring the authentication.