
Example SSO Configurations

The following is a list of Identity Providers (IPs) we’ve tested with. Other IPs can also be used for Platform6 SSO, but unless they are fully OIDC compliant (implicit flow), they will probably require some assistance from support to get the configuration correct.

In each case below we’ve added the IP console URL and an indication of the UI menu options required to access the OIDC configuration. We have no control over the IPs’ user interface design, and the URLs and menu options may change over time.

OIDC Identity Providers (Implicit Flow)

Google

https://console.developers.google.com/apis/credentials

(Create Credentials -> Create an OAuth Client ID)

Property Name Value
oidc.authorize.request.scopes openid email profile
oidc.provider.url https://accounts.google.com
oidc.client.id [id allocated via the Google app console]

Microsoft Azure

https://portal.azure.com

(Azure Active Directory -> App Registrations -> New registration)

Property Name Value
oidc.authorize.request.scopes openid
oidc.provider.url https://login.microsoftonline.com/[Microsoft supplied tenant id]
oidc.email.claim upn
oidc.client.id [Microsoft supplied client id]
oidc.claim.stringlist.match groups=[Microsoft supplied group id]

Ping Identity

https://[Ping Host]:9999/pingfederate

(OAuth Server -> OpenID Connect Implicit Client Profile)

Property Name Value
oidc.authorize.request.scopes openid email
oidc.provider.url https://[Ping Federate Host]:9031
oidc.client.id im_oic_client

Microsoft Server 2016 AD FS

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/enabling-openid-connect-with-ad-fs

(AD FS Management -> Add Application Group…)

Property Name Value
oidc.authorize.request.scopes openid
oidc.provider.url https://[host.server.domain]/adfs
oidc.email.claim upn
oidc.client.id [AD FS supplied client id]
oidc.end.session.with.hint true

Identity Providers (Custom Hybrid Flows)

GitHub

https://github.com/organizations/[organization]/settings/applications

(Settings -> Applications -> New OAuth App)

Property Name Value
oidc.authorize.request.scopes user:email
oidc.userinfo.endpoint https://api.github.com/user/emails
oidc.flow.implicit false
oidc.client.secret [Supplied by GitHub when defining an OAuth Application]
oidc.client.id [Supplied by GitHub when defining an OAuth Application]
oidc.response.type code
oidc.authorization.endpoint https://github.com/login/oauth/authorize
oidc.token.endpoint https://github.com/login/oauth/access_token
oidc.discovery false

LinkedIn

https://www.linkedin.com/developers/apps

(Create App -> Auth)

Property Name Value
oidc.authorize.request.scopes r_emailaddress
oidc.userinfo.endpoint https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))
oidc.email.claim emailAddress
oidc.flow.implicit false
oidc.client.secret [Supplied by the LinkedIn developer console]
oidc.client.id [Supplied by the LinkedIn developer console]
oidc.response.type code
oidc.authorization.endpoint https://www.linkedin.com/oauth/v2/authorization
oidc.token.endpoint https://www.linkedin.com/oauth/v2/accessToken
oidc.discovery false

Sidetrade

https://cloud-int-[platform-id]-web-admin.sidetrade.com/Clients

(CreateNew)

Property Name Value
oidc.end.session.with.hint true
oidc.authorize.request.scopes openid profile
oidc.client.id [Supplied by the Sidetrade platform admin console]
oidc.email.claim Email
oidc.given.name.claim FirstName
oidc.family.name.claim LastName
oidc.flow.implicit false
oidc.discovery false
oidc.token.endpoint https://cloud-[platform-id]-web-oauth.sidetrade.com/connect/token
oidc.userinfo.endpoint https://cloud-[platform-id]-web-oauth.sidetrade.com/connect/userinfo
oidc.authorization.endpoint https://cloud-[platform-id]-web-oauth.sidetrade.com/connect/authorize?vendorId=[vendor-id]
oidc.end.session.endpoint https://cloud-[platform-id]-web-oauth.sidetrade.com/connect/endsession
oidc.response.type code
oidc.authorize.use.state true
oidc.pkce true
oidc.pkce.method S256