Unify and manage your data

SSO Configuration Based on OIDC

Configure OpenID Connect (OIDC) based Single Sign-On (SSO).

Watch this video to learn to configure OIDC Single Sign-on.

To configure OIDC Single Sign-On for the tenant:

  1. In Console, select SSO Configuration.
  2. In the SSO Configuration page, click CONFIGURE OIDC. You will see the SSO - OIDC Configuration page

    The OIDC Configuration page can be divided into the following four sections:

    • Default Settings
    • Roles Settings
    • Groups Settings
    • JSON Web Token Settings
  3. Enter the Default Settings as described in Table 1: Default Settings.

    Table 1. OIDC Default Settings
    FieldDescription
    VendorFrom the dropdown, select the name of the OIDC Identity Provider. This is a mandatory field.
    Client IDEnter the client ID provided by the Identity Provider (IdP). This is a mandatory field.
    Client SecretEnter the client secret provided by the IdP. This is a mandatory field.
    User email mappingEnter the OIDC attribute from the Identity Provider that will be mapped to the email ID in Reltio.
    User ID mappingEnter the OIDC attribute from the Identity Provider that will be mapped to the user name in Reltio.
    ScopeEnter the scope of the OIDC that is returned in the ID token.
  4. Enter the Role Settings as described in Table 2:Role Settings.
    Table 2. OIDC Role Settings
    FieldDescription
    Default RolesSpecify the default roles that each new user will receive on logging into the tenant. Click the arrow to view and select roles.
    Manage Roles in IdPThis checkbox denotes whether roles are to be managed in IdP or in Reltio. Select this checkbox to manage roles in IdP. Clear this checkbox to manage roles in Reltio.
    Note: If you select this checkbox, roles are copied from IdP and Reltio roles are ignored. If you opt to manage roles in Reltio, the IdP roles will not be copied into Reltio and only Reltio roles will be used.
    Roles OIDC attributeEnter the OIDC attribute that will be mapped to the user roles in Reltio. You will see this field only if you have selected the the Manage Roles in IdP checkbox. This is a mandatory field.
    Role regular expressionSelect the regular expression to be used to extract roles from the OIDC attribute. Select .csv to specify comma separated values or enter the regular expression in the field provided. You will see this field only if you have selected the Manage Roles in IdP checkbox.
  5. Enter Group Settings as specified in Table 3: OIDC Group Settings.

    Table 3. OIDC Group Settings
    FieldDescription
    Default GroupsSelect the default groups that the user will be part of as soon as they log in to the tenant. Click on the arrow to view and select groups.
    Manage Groups in IdPThis checkbox denotes whether groups are to be managed in IdP or in Reltio. Select this checkbox to manage groups in IdP. Clear this checkbox to manage groups in Reltio.
    Note: If you select this checkbox, groups are copied from IdP and Reltio groups are ignored. If you opt to manage groups in Reltio, the IdP groups will not be copied into Reltio and only Reltio groups will be used.
    Group OIDC attributeEnter the OIDC attribute that will be mapped to the groups in Reltio. You will see this field only if you have selected the Manage groups in IdP checkbox. This is a mandatory field.
    Group regular expressionEnter the regular expression to be used to extract groups from the OIDC attribute. Select .csv to specify comma separated values or enter the regular expression in the field provided.

    You will see this field only if you have selected the Manage groups in IdP checkbox.

  6. Under JSON Web Token Settings, select Manage JWT if your Identity Provider is going to provide the JSON Web Token (JWT) token.
    Note: If you select this checkbox, then the JWT token will be verified and decoded in the Reltio Auth server itself. Otherwise, Reltio Auth server will perform the user-info endpoint calls to the SSO server to verify and decode the token in the SSO provider server.
  7. The following fields are enabled when you select this check box.

    Table 4. OIDC JSON Web Token Settings
    FieldDescription
    Manage jwtSelect this checkbox to specify the settings for signing JSON Web Tokens.
    AlgorithmThe algorithm used to sign and secure the JWT. Reltio supports only RSA256 which is the most widely recommended one.
    IssuerEnter the URL of the SSO provider, added as part of the token.
    jwksURLEnter URL to download the public keys JSON of the SSO server. This is needed for verifying the Id token.
  8. Enter the Endpoint Settings as specified in Table 4: Endpoint Settings.
    Table 5. Endpoint Settings
    FieldDescription
    Callback endpointEnter the OAuth callback endpoint URI. Click the Copy icon to copy this endpoint URI and configure it in your Identity Provider settings.
    Login endpointEnter the OAuth login endpoint URI provided by your Identity Provider.
    Revoke endpointEnter the OAuth revoke token endpoint URI provided by your Identity Provider.
    Token endpointEnter the OAuth token endpoint URI provided by your Identity Provider.
    User info endpointEnter the external OAuth user info endpoint URI.
  9. Click CONFIGURE that is available at the top of the page. Your SSO-OIDC is now configured.