Version: 2024.12.12

Connect to OIDC Provider

In this topic, you will find instructions on how to establish a connection with an identity provider using the OIDC protocol.

Prerequisites

Before you begin, ensure that you have the following details from your IdP readily available:

  • Client ID
  • Client secret
  • .well-known/openid-configuration endpoint
  • The claim names for the following user information: first name, last name, username, email. For more information, see Map User Data.

Note: This information can be obtained by reviewing the Digital.ai application instance configured in your IdP. If you have not already created an app instance for Digital.ai, you must do so before continuing. We recommend working with your IT team or whoever manages SSO administration at your company.
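
A pre-flight check for the IdP's discovery document, run before its URL goes into the Enter Metadata URL field. This is an added example, not Digital.ai code; the host idp.example.com and both sample documents are constructed, and the standard OIDC claim names are an assumption about your IdP.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
# Fields OpenID Connect Discovery 1.0 marks REQUIRED
# (token_endpoint is required unless only the implicit flow is used).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint")
# Assumption: the IdP uses the standard OIDC claim names for
# first name, last name, username and email.
WANTED_CLAIMS = ("given_name", "family_name", "preferred_username", "email")

def check_discovery(metadata_url, doc, wanted_claims=WANTED_CLAIMS):
    """Return a list of findings; an empty list means nothing to fix."""
    if not metadata_url.endswith(SUFFIX):
        return [f"metadata URL does not end in {SUFFIX}"]
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The issuer must be the URL prefix the document was fetched from
    # (a trailing "/" on the issuer is dropped before the suffix is added).
    prefix = metadata_url[:-len(SUFFIX)]
    issuer = doc.get("issuer", "")
    if issuer.rstrip("/") != prefix:
        findings.append(f"issuer {issuer!r} does not match URL prefix {prefix!r}")
    for k in URL_FIELDS:
        if k in doc and urlsplit(doc[k]).scheme != "https":
            findings.append(f"{k} is not an https URL: {doc[k]}")
    # claims_supported is optional metadata; compare only when advertised.
    advertised = doc.get("claims_supported")
    if advertised is not None:
        findings += [f"claim not advertised: {c}"
                     for c in wanted_claims if c not in advertised]
    return findings

# Constructed sample data (not from a real IdP).
BASE = "https://idp.example.com/realms/acme"
URL = BASE + SUFFIX
GOOD = {"issuer": BASE, "authorization_endpoint": BASE + "/auth",
        "token_endpoint": BASE + "/token", "jwks_uri": BASE + "/certs",
        "response_types_supported": ["code"],
        "subject_types_supported": ["public"],
        "id_token_signing_alg_values_supported": ["RS256"],
        "claims_supported": ["sub", *WANTED_CLAIMS]}
BAD = dict(GOOD, issuer="https://idp.example.com/realms/other",
           token_endpoint="http://idp.example.com/realms/acme/token",
           claims_supported=["sub", "email"])
del BAD["jwks_uri"]

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, check_discovery(URL, doc) or "OK")
```

To check a real IdP, save the JSON returned by its .well-known endpoint, load it with `json.load`, and pass it in with the URL it came from. A missing claim finding means you need either a different claim name or a mapper, as described in Map User Data.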

Log in to the Digital.ai Platform

  1. Log in to the Platform as an administrator.
  2. In the left navigation, under SSO, click Identity providers.
    • Alternatively, you can click Setup identity provider on the Platform overview page.
  3. Click the Add identity provider button to open the identity provider configuration wizard.

Step 1: Select provider Page

On the Select provider page, do the following:

  1. In Select authentication service, choose Add OIDC Provider.
  2. In Select identity provider, choose the provider that your company uses. If your provider is not listed, choose Other.
  3. Under Configure your Identity provider, in Identity Provider display name, add a unique, user-friendly name for the IdP. This name will appear on the Digital.ai Platform login page.
  4. Click Next.

Step 2: Config identity provider and metadata Page

On the Config identity provider and metadata page, do the following:

  1. Copy the Redirect URI.

  2. In another browser window, go to your IdP account and use the Redirect URI to identify the Digital.ai Platform as a valid redirect URL. The process for completing this task differs depending on which IdP you use. After you do this, you should be able to find the .well-known endpoint if you had not already.

    Note: Depending on your role in your organization, you may need assistance from IT or whoever manages SSO administration at your company.

  3. Select I have the metadata URL for my identity provider and paste the .well-known endpoint into the Enter Metadata URL field.

    • You can alternatively choose one of the other options here if it makes more sense for your situation.
  4. Click Import.

  5. Click Next.

Step 3: General Page

On the General page, do the following:

Depending on the selection you made in the previous step, the majority of fields may be automatically filled in.

  1. In Client ID, paste the Client ID value from the prerequisites.
  2. In Client Secret, paste the Client Secret value from the prerequisites.
  3. Click Next.

Step 4: Advanced config Page

This is an advanced configuration page and is optional. Depending on the selection you made in the previous step, some of the fields may be automatically filled in.

  1. Review the page and make any necessary selections.
  2. Ensure that Sync Mode is set to FORCE. This is the default setting, and it allows Digital.ai to update a stored user's data whenever it is changed in the IdP. If you set it to IMPORT, user data is imported only the first time the user logs in through the IdP.
  3. Click Next.

Step 5: Mappers Page

Mappers are optional, but can be useful if there are differences between data attribute names in your IdP and those expected by Digital.ai. For more information about mappers and how to configure them on this page if necessary, see Map User Data.

Step 6: Summary Page

  1. On the Summary page you can review the configuration details.
  2. Click Create identity provider.

A new button will now appear on the Digital.ai Platform login page with the name you added at the beginning of this procedure.