OIDC
Introduction
OIDC support enables users to log in using an identity provider, rather than having the users manually created by the admin user.
Onelogin Setup
- Create a new Application in Onelogin
- Search for the OIDC type
- In the SSO tab, Client ID and Client Secret can be copied
- Click on the `Well-known Configuration` link. Copy the URL from the URL bar and use this as the discovery URI
- Ensure `Authentication Method` is `POST` (not `Basic`)
- Use this information to create the OIDC configuration in the VPN Server
- Note: When adding the OIDC configuration in the VPN Server, make sure to remove `offline_access` from the scopes.
- Once the configuration is created, you can copy the `redirect URI` and add it in the `redirect URI's` textbox in the `Configuration` tab
- A new login button will appear when trying to log in to the VPN. If you also want to initiate a login from the Onelogin portal, also copy the `Login URL` and fill it in the `Login Url` textbox under `Configuration` in Onelogin
Azure OIDC Setup
- Go to Microsoft AD / Microsoft Entra ID
- Click on `manage`, then `app registrations`
- Click on `New registration`
- Give it a name. If you only want organization users to log in, use the `Single Tenant` option
- Redirect URI can be filled out later, once the OIDC configuration in the VPN Server is completed
- Once the `registration` is created, you can copy the Client ID and create a new Client Secret
- The Discovery URI can be found by clicking on `Endpoints`. The correct URL is under `OpenID Connect metadata document`
- Use this information to create the OIDC Connection in the VPN Server
- Once the VPN server shows you the `redirect URI`, copy this link, browse to the `Authentication` page in the Azure portal under the same `App registration`, and enter it under the `Web` `Redirect URIs`