
SSO with OIDC

IOMETE offers an interface to configure your SSO with OIDC for authentication.


OIDC

The following instructions describe how to use OIDC to authenticate account console users.

  1. As an account admin, log in to the IOMETE Console and click the Settings icon in the sidebar.

  2. Click the Single Sign-on tab under IAM.

  3. Choose OpenID connect.

  4. Copy the value in the IOMETE Redirect URI field.

  5. Go to your identity provider and create a new client application (web), entering the IOMETE Redirect URI value in the appropriate field in the identity provider configuration interface.

    • Your identity provider should have documentation to guide you through this process.
  6. Copy the OpenID issuer URL, client ID and client secret generated by the identity provider for the application.

    • OpenID issuer URL is the URL at which your identity provider's OpenID Configuration Document can be found. That OpenID Configuration Document must be found at {issuer-url}/.well-known/openid-configuration.
      • IOMETE uses Authorization Code as the Grant type and Code as the Response type.
      • IOMETE reads the relevant endpoints from {issuer-url}/.well-known/openid-configuration to authenticate and authorize users.
      • In the userinfo endpoint response, IOMETE looks for the following fields. Ensure that your identity provider has the relevant attribute mappings.
        1. preferred_username
        2. email
        3. given_name
        4. family_name
        5. name
      • Client ID is the unique identifier for the IOMETE application you created in your identity provider. This is sometimes referred to as the Application ID.
      • Client secret is a secret or password generated for the IOMETE application that you created. It is used to authorize IOMETE with your identity provider.
  7. Return to the IOMETE account console Settings > Single Sign-on > OpenID connect tab and enter the values you copied from the identity provider application into the IDP URL, Client ID and Client secret fields.

  8. You will see the default values for the Scope. You can keep them as they are. Do not forget to enable these scopes for the IOMETE application you created in the identity provider.

  9. Click Save.

  10. Click Enable OIDC SSO to enable single sign-on for your account.

  11. Test account console login with SSO.

  12. Grant users access to the IOMETE application in your identity provider. You might need to modify the access permissions for the application.
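Before pasting the issuer URL into IOMETE, it is worth confirming that the provider's discovery document actually exposes what the steps above rely on: the authorization, token and userinfo endpoints, the `code` response type, the `authorization_code` grant, and the five userinfo claims. The following script is an added example, not IOMETE's code or part of this documentation; it runs offline against a constructed discovery document and a constructed userinfo response (one attribute mapping deliberately left out) so the checks can be read and tried without a live identity provider.

```python
"""Offline sanity checks for an OIDC provider's discovery document and userinfo response.

Added example (not IOMETE's code). It assumes the provider publishes
{issuer-url}/.well-known/openid-configuration as described in the steps above.
The sample documents below are constructed, not captured from a real IdP.
"""
import json
from urllib.parse import urlparse

# Endpoints IOMETE must be able to discover for the Authorization Code flow.
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")
# Fields IOMETE reads from the userinfo endpoint response.
REQUIRED_USERINFO_CLAIMS = ("preferred_username", "email", "given_name", "family_name", "name")


def discovery_url(issuer_url: str) -> str:
    """Build the discovery URL, tolerating a trailing slash on the issuer."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(issuer_url: str, doc: dict) -> list[str]:
    """Return a list of problems; an empty list means the document is usable.

    Checks: the issuer claim matches the configured issuer (a mismatch means
    ID tokens will be rejected), the required endpoints exist and use https,
    and the provider supports the 'code' response type and the
    'authorization_code' grant that IOMETE uses.
    """
    problems = []
    if doc.get("issuer", "").rstrip("/") != issuer_url.rstrip("/"):
        problems.append(f"issuer mismatch: configured {issuer_url!r}, document says {doc.get('issuer')!r}")
    for key in REQUIRED_ENDPOINTS:
        value = doc.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{key} is not https: {value}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response_types_supported lacks 'code'")
    # grant_types_supported is optional in OIDC Discovery; when absent the
    # specified default is ["authorization_code", "implicit"].
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("grant_types_supported lacks 'authorization_code'")
    return problems


def missing_userinfo_claims(userinfo: dict) -> list[str]:
    """Names of the required claims that are absent or empty in a userinfo response."""
    return [claim for claim in REQUIRED_USERINFO_CLAIMS if not userinfo.get(claim)]


# Constructed sample discovery document (hypothetical issuer, not a real provider).
SAMPLE_ISSUER = "https://idp.example.com/realms/demo"
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com/realms/demo",
  "authorization_endpoint": "https://idp.example.com/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "https://idp.example.com/realms/demo/protocol/openid-connect/token",
  "userinfo_endpoint": "https://idp.example.com/realms/demo/protocol/openid-connect/userinfo",
  "jwks_uri": "https://idp.example.com/realms/demo/protocol/openid-connect/certs",
  "response_types_supported": ["code", "id_token", "code id_token"],
  "grant_types_supported": ["authorization_code", "refresh_token"],
  "scopes_supported": ["openid", "profile", "email"]
}""")

# Constructed userinfo response; the family_name attribute mapping is missing on purpose.
SAMPLE_USERINFO = {
    "sub": "user-0001",
    "preferred_username": "jdoe",
    "email": "jdoe@example.com",
    "given_name": "Jane",
    "name": "Jane Doe",
}

if __name__ == "__main__":
    print("discovery URL:", discovery_url(SAMPLE_ISSUER))
    print("discovery problems:", check_discovery(SAMPLE_ISSUER, SAMPLE_DISCOVERY) or "none")
    print("missing userinfo claims:", missing_userinfo_claims(SAMPLE_USERINFO) or "none")
```

Against a real provider, replace `SAMPLE_DISCOVERY` with the JSON fetched from `discovery_url(<your issuer>)` and `SAMPLE_USERINFO` with a userinfo response obtained for a test user; a non-empty result from `missing_userinfo_claims` points at the attribute mapping that still needs to be added in the identity provider before enabling OIDC SSO for the account.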
Info: To prevent getting locked out of IOMETE during single sign-on testing, IOMETE recommends keeping the account console open in a different browser window.