Skip to content

Setting up SSO with OpenID Connect

This article takes an administrator through the process of setting up SSO using OpenID Connect (OIDC).

OIDC dramatically simplifies the configuration process required with an Identity Provider (IdP). If your chosen provider supports OIDC—including Azure Active Directory, Okta, and OneLogin—you can set up SSO by following the steps below.

Set up the app with your IdP

You must provide a Sign-in Redirect URL (or equivalent) within your IdP configuration:

Text Only
https://[your-server]/OrbitAPI/signin-oidc

Make a note of the following from your IdP:

  • Authority URL
  • OIDC Client ID
  • OIDC Client Secret

Orbit API configuration

To configure the Orbit API:

  1. Open the Orbit API Configurator.
  2. Click General > External login service options.
  3. Select OpenIdConnect from the Protocol drop-down menu.
  4. Paste in the values for Authority URL, OIDC Client ID, and OIDC Client Secret.

    OpenIDConnect Protocol selected with credentials entered

Allow auto-registration (optional)

This step allows auto-registration for unknown users logging in via SSO for the first time. Users are created automatically without needing to be created in advance.

To allow auto-registration:

  1. Click Test > Session service.
  2. Check Allow auto-registration for unknown users logged in via Single Sign-On providers.

    Auto-registration option in Session service settings