Versions Compared

Old Version 9

changes.mady.by.user Borja Moro Moreno

Saved on

compared with

New Version Current

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel2
maxLevel2
typeflat

Overview

OpenID is an open standard that provides user authentication (identity) features and is built upon OAuth 2.0 flows. Like SAML, it uses an external identity provider (IdP) to authenticate the user and enables single sign-on (SSO). While there are several underlying technical differences between SAML and OpenID, the most important differences are that OpenID is a lighter-weight protocol and requires explicit user consent to access as part of its communication flows.

...

  1. Go to the Authentication tab in Preferences → Domain Preferences.

  2. In the OpenID tab, select the Active checkbox.

  3. Below are the fields that you will see in the form. Once you generate the required values in your IdP and entering enter them in this form, click Update to finish the process. Users will now be able to login to into their Devo domains using the IdP credentials:

...

Follow these steps if you want users to log in to Devo using their Google credentials:

Rw ui steps macro
Rw step

First, go to the Preferences → Domain Preferences → Authentication, open the OpenID tab and select the Active checkbox.

Rw step

Now, create or open a project in the Google Cloud Platform.

Rw step

Go to the OAuth consent screen to select the privacy level of the application. Choose Public if you want any user with a Google account to access the redirect URI, or Private if you want only users in the Devo organization to access it. You must also enter an Authorized domain (devo.com).

Rw step

Now go to Credentials to create your project's OAuth 2.0 credentials, clicking Create credentials → OAuth client ID → Web application. In this screen, set the redirect URIs that determine where to send the responses to your authentication requests. You must enter the URL of the Devo cloud corresponding to your region, followed by /devo/openid

...

.

Rw step

A window will appear showing your client ID and secret. Copy and paste them

...

into the corresponding fields in Devo.

Rw step

Finally, enter the following values in the remaining fields:

...

Identify provider URL

...

https://accounts.google.com/o/oauth2/v2/auth

Token URL

...

https://oauth2.googleapis.com/token

Identity info query URL

...

https://openidconnect.googleapis.com/v1/userinfo

Rw step

If you check the User provisioning option, users not registered in the domain that access the URL will be automatically registered after authenticating with their Google credentials. Note that you must set the level of privacy to Public to allow external users to access the URL.

Rw step

Click Update. Now, users will be able to connect to the Devo domain by opening the URL in the Home URL field of the form. They will be taken to the Google site to enter their credentials, and then will be redirected to Devo.