How to set up OpenID Connect
Introduction
OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol and supported by some OAuth 2.0 providers, such as Google and Azure Active Directory.
It defines a sign-in flow that enables a client application to authenticate a user and to obtain information (or "claims") about that user, such as the user name, email, and so on. User identity information is encoded in a signed JSON Web Token (JWT), called the ID token. OpenID Connect also defines a discovery mechanism, called OpenID Connect Discovery, where an OpenID server publishes its metadata at a well-known URL, typically https://server.com/.well-known/openid-configuration. This URL returns a JSON document listing the OpenID/OAuth endpoints, supported scopes and claims, the public keys used to sign the tokens, and other details. Clients can use this information to construct requests to the OpenID server.
How to add OpenID Connect to your Workspace
- In your Workspace navigate to the Security Settings at yourworkspace.ideanote.io/settings/security.
- Under Sign-In Options, click Add and choose OpenID Connect
- Go through the Setup Dialog that appears
- Provide the Identifier for the OpenID Connect Issuer you want to integrate with
- Define the Sign-In button text and Icon (Optional)
- Define allow-lists for IP and email domain ranges (Optional)
- Copy the Ideanote OAuth Redirect URL and register it with the OpenID Connect Issuer you are integrating with
- Provide Client ID, Client Secret, Authorization Endpoint, Token Endpoint and User Info Endpoint
- Save the Configuration
- Test and verify the OpenID Connect Authentication Method
- Optionally, remove other Authentication Methods in the Workspace
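The discovery document described in the introduction is where the Authorization, Token and User Info endpoint values requested in the setup dialog come from. The following is an added example (not Ideanote's code) showing how a relying party reads that document and the checks worth applying before trusting its values: the issuer in the document must match the identifier that was queried and every endpoint must be HTTPS. The issuer `https://idp.example.com` and its metadata are constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample discovery document (not any real provider's metadata),
# shaped like what https://<issuer>/.well-known/openid-configuration returns.
SAMPLE_DISCOVERY_JSON = """
{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
  "jwks_uri": "https://idp.example.com/oauth2/keys",
  "scopes_supported": ["openid", "profile", "email"],
  "claims_supported": ["sub", "name", "email"],
  "id_token_signing_alg_values_supported": ["RS256"]
}
"""

# Metadata fields that map onto the endpoint values the setup dialog asks for.
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")


def discovery_url(issuer: str) -> str:
    """Build the well-known URL for an issuer identifier (trailing slash tolerated)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def parse_discovery(expected_issuer: str, document: str) -> dict:
    """Parse a discovery document and return the values needed for the setup.

    Raises ValueError when the document fails a check a relying party should
    apply before trusting it: the issuer must equal the identifier we queried
    (so a redirected or substituted document is rejected), and every endpoint
    users or client secrets are sent to must be served over HTTPS.
    """
    meta = json.loads(document)
    if meta.get("issuer") != expected_issuer.rstrip("/"):
        raise ValueError(f"issuer mismatch: {meta.get('issuer')!r} != {expected_issuer!r}")
    result = {"issuer": meta["issuer"]}
    for field in REQUIRED_ENDPOINTS + ("jwks_uri",):
        url = meta.get(field)
        if not url:
            raise ValueError(f"discovery document lacks {field}")
        if urlparse(url).scheme != "https":
            raise ValueError(f"{field} is not https: {url}")
        result[field] = url
    # The "openid" scope is what makes this an OIDC sign-in rather than plain OAuth 2.0.
    if "openid" not in meta.get("scopes_supported", ["openid"]):
        raise ValueError("provider does not advertise the openid scope")
    return result
```

The `jwks_uri` is returned alongside the three dialog endpoints because it is where the public keys for verifying ID token signatures are fetched from.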
