OpenID Connect (OIDC) is configured a lot like AAD. You’ll need to provide 3 pieces of information:
The authority: The URL for the authentication server, e.g., Azure.
The ClientId: Provided by the authority. This is usually some random string.
The ClientSecret: This too is provided by the authority. This is also a random string.
Once you have gathered the above, go to the MM’s SSO settings. Here, select “OpenIDConnect” as the method, and fill out the data.
As many OIDC providers are out there, we don’t provide documentation for any specific provider. This said we do need to be given an implicit grant of “ID Tokens”.
In addition to this, the OIDC provider will likely need the login service’s Redirect URL, which for OIDC is:
https://{damurl}/digizuitecore/loginservice/signin-oidc
SSO-initiated logout
When setting up the OpenID Connect SSO provider in MM, it is possible to tick enable the option Verify refresh tokens on access key refresh
.
If this option is enabled, a request will be sent to the SSO provider when the access key of user needs to be refreshed, checking if the user is still logged in. Enabling the Verify refresh tokens on access key refresh
option therefore allows the SSO provider to initiate a user to be logged out or having all access rights revoked.
Since a network request has to made to the SSO provider when refreshing an access key, refreshing an access key can take a bit longer.