Single Sign-On with OpenID / OpenID Connect
OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework. It’s an alternative method used to enable Single Sign-On, which will allow end users to authenticate with their own organization’s Identity Provider to access UserVoice. It is an alternative to using SAML 2.0 authentication and authorization protocol.
Our OIDC implementation makes use of the Authorization Code flow.
Prerequisites
OpenID Connect enabled Identity Provider A UserVoice plan that includes OpenID Connect UserVoice admin log-in
Step 1: Provide your redirect URL to your IdP to generate client credentials and endpoints
https://
Take note of the required field values to be retrieved:
1 2 3 4 5 6 7 8 9 | |
Step 2: Navigate to UserVoice authentication settings and populate required fields from your Identity Provider
Navigate to “Settings” - “Web portal” - “User authentication”. Enable “Custom Authentication” and then choose “OpenID Connect”
Precise steps to generate and obtain the following fields will vary between identity providers and your application. For this reason we aren’t able to provide detailed explanations in this guide, which is meant to be general.
Fields marked * are required.
| Field | Description |
|---|---|
| Client ID* | Typically retrieved from your Idp |
| Client secret* | Typically retrieved from your Idp |
| Provider base URl* | Typically retrieved from your Idp |
| Authorization URl* | Typically retrieved from your Idp |
| Token URl* | Typically retrieved from your Idp |
| User info URl* | Typically retrieved from your Idp |
| Token scope* | Typically openid. |
| Email JSON path* | Typically retrieved from your Idp. |
| GUID JSON path* | Typically retrieved from your Idp. Must be unique for each user. |
| Name JSON path | Typically retrieved from your Idp. |
| Avatar URL JSON path: | sed for the UserVoice user’s profile image. |
| External Account JSON path | Used for the account ID |
| Remote Logout URL | Typically retrieved from your Idp. URL that will sign-out the user. |
| Button Label | Will show as a button after “Sign in with” when OIDC is your only form of authentication. |
If you have any questions or run into issues, please reach out to support@uservoice.com and if you can, include your identity provider and any error messages in your email. Thanks!