Example SSO Configurations
The following is a list of Identity Providers (IP) we’ve tested with. Other IPs could also be used for Platform6 SSO but unless they are fully OIDC compliant (implicit flow), will probably require some assistance from support to get the configuration correct.
In each case below we’ve added the IP console URL and an indication of the UI menu options required to access the OIDC configuration. We have no control over IPs user interface design and the URLs and menu points may change over time.
OIDC Identity Providers (Implicit Flow)¶
Google¶
https://console.developers.google.com/apis/credentials
(Create Credentials -> Create an OAuth Client ID)
| Property Name | Value |
|---|---|
| oidc.authorize.request.scopesopenid | email profile |
| oidc.provider.url | https://accounts.google.com |
| oidc.client.id | [id allocated via the Google app console] |
Microsoft Azure¶
(Azure Active Directory -> App Registrations -> New registration))
| Property Name | Value |
|---|---|
| oidc.authorize.request.scopes | openid |
| oidc.provider.url | https://login.microsoftonline.com/[Microsoft supplied tenant id] |
| oidc.email.claim | upn |
| oidc.client.id | [Microsoft supplied client id] |
| oidc.claim.stringlist.match | groups=[Microsoft supplied group id] |
Ping Identity¶
https://[Ping Host]:9999/pingfederate
(OAuth Server -> OpenID Connect Implicit Client Profile)
| Property Name | Value |
|---|---|
| oidc.authorize.request.scopes | openid email |
| oidc.provider.url | https://[Ping Federate Host]:9031 |
| oidc.client.id | im_oic_client |
Microsoft Server 2016 AD FS¶
(AD FS Management -> Add Application Group…)
| Property Name | Value |
|---|---|
| oidc.authorize.request.scopes | openid |
| oidc.provider.url | https://[host.server.domain]]/adfs |
| oidc.email.claim | upn |
| oidc.client.id | [AD FS supplied client id] |
| oidc.end.session.with.hint | true |
Identity Providers (Custom Hybrid Flows)¶
GitHub¶
https://github.com/organizations/[organization]/settings/applications
(Settings -> Applications -> New OAuth App)
| Property Name | Value |
|---|---|
| oidc.authorize.request.scopes | user:email |
| oidc.userinfo.endpoint | https://api.github.com/user |
| oidc.flow.implicit | false |
| oidc.client.secret | [Supplied by GitHub when defining an OAuth Application] |
| oidc.client.id | [Supplied by GitHub when defining an OAuth Application] |
| oidc.response.type | code |
| oidc.authorization.endpoint | https://github.com/login/oauth/authorize |
| oidc.token.endpoint | https://github.com/login/oauth/access_token |
| oidc.discovery | false |
LinkedIn¶
https://www.linkedin.com/developers/apps
(Create App -> Auth)
| Property Name | Value |
|---|---|
| oidc.authorize.request.scopes | r_emailaddress |
| oidc.userinfo.endpoint | https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~)) |
| oidc.email.claim | emailAddress |
| oidc.flow.implicit | false |
| oidc.client.secret | [Supplied by the LinkedIn developer console] |
| oidc.client.id | [Supplied by the LinkedIn developer console] |
| oidc.response.type | code |
| oidc.authorization.endpoint | https://www.linkedin.com/oauth/v2/authorization |
| oidc.token.endpoint | https://www.linkedin.com/oauth/v2/accessToken |
| oidc.discovery | false |