OpenId Connect

This page is under construction

OpenId Connect (OIDC) is our recommended protocol for setting up SSO, ahead of SAML2p. This page contains a general guide on how to set up single sign on using OpenId Connect.

If you are using Azure AD as your identity provider, we recommend using our Talentech app in the Azure app gallery, which will give a simpler setup process. The Azure AD guide can be found here.

Before you start following this guide, you should check if we have a more specific guide for your identity provider of choice in the section Provider specific guides.

Configuration

SSO is a paid service, so to get started please get in touch with your Talentech contact person or contact sso-setup@talentech.com.

Our implementation consultants need to know the following bits of information:

  1. Your identity provider’s OpenIdConnect discovery document URL, typically found at
    https://your-idp-authority/../.well-known/openid-configuration

  2. A set of client ID and client secret that will be used to authenticate Talentech ID with your identity provider.

Once we get these pieces of info, we will create a configuration and send you the following urls, which need to be whitelisted in your system:

  1. Redirect URL

  2. Post logout redirect URL

Testing

Once the setup is complete, the configuration can be tested. This will be done without affecting any of your active users.

We will send you a link that you can use to verify that the configuration is working correctly. This will trigger the login process by redirecting you from Talentech ID to your identity provider. Once you sign in, you’ll be redirected back to Talentech ID where you’ll be shown a test report.

If the test report indicates that everything works correctly, we can safely enable the SSO login option for all your users. This can be done at a time that suits you.

Provider specific guides

We currently have the following provider specific setup guides available. These which describe how to set up the SSO configuration in your identity provider:

Azure AD Generic OIDC Setup Guide

Okta OIDC Setup Guide

Frequently asked questions:

Question:

Which OIDC flows are you currently supporting?

Answer:

We currently support the following OIDC login flows:

  • Authorization Code + PKCE (strongly recommended)

  • Implicit flow