Single Sign-On with OpenID / OpenID Connect

OpenID Connect (OIDC) is an authentication layer built on top of OAuth 2.0, an authorization framework. It is an alternative to the SAML 2.0 authentication and authorization protocol for enabling Single Sign-On, which allows end users to authenticate with their own organization’s Identity Provider to access UserVoice.

Our OIDC implementation makes use of the Authorization Code flow.

Prerequisites

OpenID Connect enabled Identity Provider
A UserVoice plan that includes OpenID Connect
UserVoice admin log-in

Step 1: Provide your redirect URL to your IdP to generate client credentials and endpoints

https://.uservoice.com/auth/oidc/callback

Take note of the required field values to be retrieved:

1. Client ID
2. Client secret
3. Provider base URL
4. Authorization URL
5. Token URL
6. User info URL
7. Token scope
8. Email JSON path
9. GUID JSON path

Step 2: Navigate to UserVoice authentication settings and populate required fields from your Identity Provider

Navigate to “Settings” - “Web portal” - “User authentication”. Enable “Custom Authentication” and then choose “OpenID Connect”.

Precise steps to generate and obtain the following fields will vary between identity providers and your application. For this reason we aren’t able to provide detailed explanations in this guide, which is meant to be general.

Fields marked * are required.

| Field | Description |
| --- | --- |
| Client ID* | Typically retrieved from your IdP. |
| Client secret* | Typically retrieved from your IdP. |
| Provider base URL* | Typically retrieved from your IdP. |
| Authorization URL* | Typically retrieved from your IdP. |
| Token URL* | Typically retrieved from your IdP. |
| User info URL* | Typically retrieved from your IdP. |
| Token scope* | Typically openid. |
| Email JSON path* | Typically retrieved from your IdP. |
| GUID JSON path* | Typically retrieved from your IdP. Must be unique for each user. |
| Name JSON path | Typically retrieved from your IdP. |
| Avatar URL JSON path | Used for the UserVoice user’s profile image. |
| External Account JSON path | Used for the account ID. |
| Remote Logout URL | Typically retrieved from your IdP. URL that will sign out the user. |
| Button Label | Will show as a button after “Sign in with” when OIDC is your only form of authentication. |
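Many identity providers publish the endpoint values listed above in an OpenID Connect Discovery document at /.well-known/openid-configuration under the issuer URL. The following is an added example, not UserVoice code: it checks such a document before the values are pasted into the form, confirming HTTPS endpoints and support for the Authorization Code flow. The mapping from UserVoice field labels to discovery keys (including "Provider base URL" to "issuer"), the function name and the idp.example.com sample are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample of an IdP discovery document (OpenID Connect Discovery 1.0),
# normally served at <issuer>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "email", "profile"],
}

# UserVoice field label -> discovery metadata key (this mapping is an assumption).
FIELD_MAP = {
    "Provider base URL": "issuer",
    "Authorization URL": "authorization_endpoint",
    "Token URL": "token_endpoint",
    "User info URL": "userinfo_endpoint",
}

def check_discovery(doc, base_url):
    """Return (fields, problems) for the values to enter in UserVoice."""
    fields, problems = {}, []
    for label, key in FIELD_MAP.items():
        value = doc.get(key)
        if not value:
            problems.append(f"{label}: '{key}' missing from discovery document")
            continue
        if urlsplit(value).scheme != "https":
            problems.append(f"{label}: {value} is not HTTPS")
        fields[label] = value
    # The issuer must match the URL the document was fetched from.
    if doc.get("issuer", "").rstrip("/") != base_url.rstrip("/"):
        problems.append("issuer does not match the provider base URL")
    # The Authorization Code flow needs response_type=code.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("IdP does not advertise the 'code' response type")
    # scopes_supported is optional metadata; only flag it when present.
    scopes = doc.get("scopes_supported")
    if scopes is not None and "openid" not in scopes:
        problems.append("'openid' scope not advertised")
    fields["Token scope"] = "openid"
    return fields, problems

if __name__ == "__main__":
    print(check_discovery(SAMPLE_DISCOVERY, "https://idp.example.com"))
```

The client ID, client secret and JSON path fields are not part of the discovery document and still come from the application registration in your IdP.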

If you have any questions or run into issues, please reach out to support@uservoice.com and, if you can, include your identity provider and any error messages in your email. Thanks!
