
Example SSO Configurations

The following is a list of Identity Providers (IPs) we’ve tested with. Other IPs could also be used for Platform6 SSO, but unless they are fully OIDC compliant (implicit flow), they will probably require some assistance from support to get the configuration correct.

In each case below we’ve added the IP console URL and an indication of the UI menu options required to access the OIDC configuration. We have no control over the IPs’ user interface design, and the URLs and menu options may change over time.

OIDC Identity Providers (Implicit Flow)

Google

https://console.developers.google.com/apis/credentials

(Create Credentials -> Create an OAuth Client ID)

Property Name Value
oidc.authorize.request.scopes openid email profile
oidc.provider.url https://accounts.google.com
oidc.client.id [id allocated via the Google app console]

Microsoft Azure

https://portal.azure.com

(Azure Active Directory -> App Registrations -> New registration)

Property Name Value
oidc.authorize.request.scopes openid
oidc.provider.url https://login.microsoftonline.com/[Microsoft supplied tenant id]
oidc.email.claim upn
oidc.client.id [Microsoft supplied client id]
oidc.claim.stringlist.match groups=[Microsoft supplied group id]

Ping Identity

https://[Ping Host]:9999/pingfederate

(OAuth Server -> OpenID Connect Implicit Client Profile)

Property Name Value
oidc.authorize.request.scopes openid email
oidc.provider.url https://[Ping Federate Host]:9031
oidc.client.id im_oic_client

Microsoft Server 2016 AD FS

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/enabling-openid-connect-with-ad-fs

(AD FS Management -> Add Application Group…)

Property Name Value
oidc.authorize.request.scopes openid
oidc.provider.url https://[host.server.domain]/adfs
oidc.email.claim upn
oidc.client.id [AD FS supplied client id]
oidc.end.session.with.hint true
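
Whether an untested IP meets the "fully OIDC compliant (implicit flow)" requirement stated at the top of this page can be checked from its discovery document (the JSON served at /.well-known/openid-configuration) before any properties are set. The following is an added example, not Platform6 code: it compares such a document with the property values used in the tables above. It assumes that oidc.provider.url is the issuer and that scopes are space-separated; the IdP host and sample documents are constructed.

```python
# Added example, not Platform6 code. Assumed (not stated on the page):
# oidc.provider.url is the OIDC issuer; scopes are a space-separated list.
IMPLICIT_TYPES = {"id_token", "id_token token"}


def check_implicit_idp(props, discovery):
    """Return a list of problems; an empty list means no blocker was found."""
    problems = []

    # The issuer must equal the configured URL exactly (trailing slash included).
    if discovery.get("issuer") != props["oidc.provider.url"]:
        problems.append("issuer mismatch")

    # Endpoints the implicit flow depends on must be present and HTTPS.
    for key in ("authorization_endpoint", "jwks_uri"):
        if not str(discovery.get(key, "")).startswith("https://"):
            problems.append(key + " missing or not https")

    # Response types are unordered word sets, so normalise before comparing.
    offered = {" ".join(sorted(rt.split()))
               for rt in discovery.get("response_types_supported", [])}
    if not offered & IMPLICIT_TYPES:
        problems.append("implicit response type not advertised")

    # ID tokens delivered through the browser must be signed: reject "none"-only.
    algs = set(discovery.get("id_token_signing_alg_values_supported", []))
    if not algs - {"none"}:
        problems.append("no signed id_token algorithm advertised")

    # scopes_supported is optional metadata; compare only when it is published.
    supported = discovery.get("scopes_supported")
    for scope in props["oidc.authorize.request.scopes"].split():
        if supported is not None and scope not in supported:
            problems.append("scope not advertised: " + scope)
    return problems


# Constructed sample data: a hypothetical IdP and property values.
PROPS = {"oidc.provider.url": "https://idp.example.com",
         "oidc.authorize.request.scopes": "openid email"}
GOOD = {"issuer": "https://idp.example.com",
        "authorization_endpoint": "https://idp.example.com/authorize",
        "jwks_uri": "https://idp.example.com/jwks",
        "response_types_supported": ["code", "token id_token", "id_token"],
        "id_token_signing_alg_values_supported": ["RS256"],
        "scopes_supported": ["openid", "email", "profile"]}
CODE_ONLY = dict(GOOD, issuer="https://idp.example.com/",
                 response_types_supported=["code"])
```

An IP that only advertises the `code` response type, as in `CODE_ONLY`, is not an implicit-flow provider and belongs with the hybrid configurations further down.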

Identity Providers (Custom Hybrid Flows)

GitHub

https://github.com/organizations/[organization]/settings/applications

(Settings -> Applications -> New OAuth App)

Property Name Value
oidc.authorize.request.scopes user:email
oidc.userinfo.endpoint https://api.github.com/user/emails
oidc.flow.implicit false
oidc.client.secret [Supplied by GitHub when defining an OAuth Application]
oidc.client.id [Supplied by GitHub when defining an OAuth Application]
oidc.response.type code
oidc.authorization.endpoint https://github.com/login/oauth/authorize
oidc.token.endpoint https://github.com/login/oauth/access_token
oidc.discovery false

LinkedIn

https://www.linkedin.com/developers/apps

(Create App -> Auth)

Property Name Value
oidc.authorize.request.scopes r_emailaddress
oidc.userinfo.endpoint https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))
oidc.email.claim emailAddress
oidc.flow.implicit false
oidc.client.secret [Supplied by the LinkedIn developer console]
oidc.client.id [Supplied by the LinkedIn developer console]
oidc.response.type code
oidc.authorization.endpoint https://www.linkedin.com/oauth/v2/authorization
oidc.token.endpoint https://www.linkedin.com/oauth/v2/accessToken
oidc.discovery false