Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Overview
OpenID is an open standard that provides user authentication (identity) features and is built upon OAuth 2.0 flows. Like SAML, it uses an external identity provider (IdP) to authenticate the user and enables single sign-on (SSO). While there are several underlying technical differences between SAML and OpenID, the most important differences are that OpenID is a lighter-weight protocol and requires explicit user consent to access as part of its communication flows.
...
Go to the Authentication tab in Preferences → Domain Preferences.
In the OpenID tab, select the Active checkbox.
Below are the fields that you will see in the form. Once you generate the required values in your IdP and entering enter them in this form, click Update to finish the process. Users will now be able to login to into their Devo domains using the IdP credentials:
...
Follow these steps if you want users to log in to Devo using their Google credentials:
Rw ui steps macro | ||||
---|---|---|---|---|
First, go to the Preferences → Domain Preferences → Authentication, open the OpenID tab and select the Active checkbox.
Now, create or open a project in the Google Cloud Platform.
Go to the OAuth consent screen to select the privacy level of the application. Choose Public if you want any user with a Google account to access the redirect URI, or Private if you want only users in the Devo organization to access it. You must also enter an Authorized domain (devo.com).
Now go to Credentials to create your project's OAuth 2.0 credentials, clicking Create credentials → OAuth client ID → Web application. In this screen, set the redirect URIs that determine where to send the responses to your authentication requests. You must enter the URL of the Devo cloud corresponding to your region, followed by /devo/openid |
...
.
A window will appear showing your client ID and secret. Copy and paste them |
...
into the corresponding fields in Devo.
Finally, enter the following values in the remaining fields: |
...
|
...
|
...
|
...
If you check the User provisioning option, users not registered in the domain that access the URL will be automatically registered after authenticating with their Google credentials. Note that you must set the level of privacy to Public to allow external users to access the URL.
Click Update. Now, users will be able to connect to the Devo domain by opening the URL in the Home URL field of the form. They will be taken to the Google site to enter their credentials, and then will be redirected to Devo. |