OpenId Connect

This page is under construction

OpenId Connect (OIDC) is our recommended protocol for setting up SSO, ahead of SAML2p. This page contains a general guide on how to set up single sign on using OpenId Connect.

If you are using Azure AD as your identity provider, we recommend using our Talentech app in the Azure app gallery, which will give a simpler setup process. The Azure AD guide can be found here.

Before you start following this guide, you should check if we have a more specific guide for your identity provider of choice in the section Provider specific guides.


SSO is a paid service, so to get started please get in touch with your Talentech contact person or contact

Our implementation consultants need to know the following bits of information:

  1. Your identity provider’s OpenIdConnect discovery document URL, typically found at

  2. A set of client ID and client secret that will be used to authenticate Talentech ID with your identity provider.

Once we get these pieces of info, we will create a configuration and send you the following urls, which need to be whitelisted in your system:

  1. Redirect URL

  2. Post logout redirect URL


Once the setup is complete, the configuration can be tested. This will be done without affecting any of your active users.

We will send you a link that you can use to verify that the configuration is working correctly. This will trigger the login process by redirecting you from Talentech ID to your identity provider. Once you sign in, you’ll be redirected back to Talentech ID where you’ll be shown a test report (see screenshot 1).

If the test report indicates that everything works correctly, we can safely enable the SSO login option for all your users. This can be done at a time that suits you.

Screenshot 1 - Test login report summary


Provider specific guides

We currently have the following provider specific setup guides available. These which describe how to set up the SSO configuration in your identity provider:

Azure AD Generic OIDC Setup Guide

Okta OIDC Setup Guide

Frequently asked questions


Which OIDC flows are you currently supporting?


We currently support the following OIDC login flows:

  • Authorization Code + PKCE (strongly recommended)

  • Implicit flow



Which claims are required


We need the email address and a unique external identifier for the user. Full name and External tenant Id are also recommended.


Supported claim name



Supported claim name


External user id



This value must be unique for each user in your organization and should never change






The email address of the user. This will be used to match the user against the Talentech ID user account on first login

Full name



The user’s full name

External tenant id


If you are using Azure AD or some other multi-tenant IDP, you can provide that ID here.