OIDC
Introduction
OIDC support enables users to log in using an identity provider, rather than requiring the admin user to create them manually.
OneLogin Setup
- Create a new application in OneLogin
- Search for the OIDC type
- In the SSO tab, copy the Client ID and Client Secret
- Click the Well-known Configuration link. Copy the URL from the address bar and use it as the discovery URI
- Ensure Authentication Method is POST (not Basic)
- Use this information to create the OIDC configuration in the VPN Server
  - Note: When adding the OIDC configuration in the VPN Server, make sure to remove offline_access from the scopes.
- Once the configuration is created, copy the redirect URI and add it to the Redirect URIs text box in the Configuration tab
- A new login button will appear when you try to log in to the VPN. If you also want to initiate login from the OneLogin portal, copy the Login URL and add it to the Login URL text box in Configuration in OneLogin
Azure OIDC Setup
- Go to Microsoft AD / Microsoft Entra ID
- Click on manage, then app registrations
- Click on New registration
- Give it a name. If you only want organization users to log in, use the Single Tenant option
- You can fill out the Redirect URI later, after completing the OIDC configuration in the VPN Server
- Once the registration is created, copy the Client ID and create a new Client Secret
- The Discovery URI can be found by clicking on Endpoints. The correct URL is under OpenID Connect metadata document
- Use this information to create the OIDC connection in the VPN Server
- Once the VPN server shows you the redirect URI, copy this link, browse to the Authentication page in the Azure portal under the same App registration, and enter it under the Web Redirect URIs
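
Both setups above end with pasting a discovery URI and a scope list into the VPN Server. The following is an added example, not part of the VPN Server or of either provider's tooling, that checks those values against a discovery document you have already downloaded. It assumes that OneLogin's POST setting corresponds to the standard `client_secret_post` method name; the function name `check_oidc_settings` and the `idp.example.com` sample data are constructed for illustration.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample values (idp.example.com is a placeholder, not a real tenant).
SAMPLE_URI = "https://idp.example.com/oidc/2" + WELL_KNOWN
SAMPLE_METADATA = {
    "issuer": "https://idp.example.com/oidc/2",
    "authorization_endpoint": "https://idp.example.com/oidc/2/auth",
    "token_endpoint": "https://idp.example.com/oidc/2/token",
    "jwks_uri": "https://idp.example.com/oidc/2/certs",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
}


def check_oidc_settings(discovery_uri, metadata, scopes, auth_method="client_secret_post"):
    """Return a list of problems to fix before saving the OIDC configuration."""
    problems = []
    issuer = metadata.get("issuer", "")
    # OIDC Discovery: issuer plus the well-known suffix is the URL the document came from.
    if urlparse(discovery_uri).scheme != "https":
        problems.append("discovery URI is not https")
    if not discovery_uri.endswith(WELL_KNOWN):
        problems.append("discovery URI does not end in " + WELL_KNOWN)
    elif issuer.rstrip("/") != discovery_uri[: -len(WELL_KNOWN)].rstrip("/"):
        problems.append("issuer does not match the discovery URI: %r" % issuer)
    # Endpoints that carry the client secret, codes and signing keys must be https.
    for key in REQUIRED_ENDPOINTS:
        url = metadata.get(key)
        if not url:
            problems.append("missing " + key)
        elif urlparse(url).scheme != "https":
            problems.append(key + " is not https")
    # When the list is absent, the specification's default is client_secret_basic.
    supported = metadata.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if auth_method not in supported:
        problems.append("provider does not advertise " + auth_method)
    if "openid" not in scopes:
        problems.append("scope 'openid' is missing")
    if "offline_access" in scopes:
        problems.append("remove offline_access from the scopes")
    return problems


if __name__ == "__main__":
    for line in check_oidc_settings(SAMPLE_URI, SAMPLE_METADATA, ["openid", "email", "offline_access"]):
        print("FIX:", line)
```

The discovery document only lists what the provider supports, so the Authentication Method still has to be set on the application itself as described in the OneLogin steps.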