Company administrators have the ability to configure an integration with an Identity Provider to power Single Sign On (SSO). This article details how to configure an integration using the OpenID Connect (OIDC) protocol to facilitate SSO with the Oyster application. Learn more about the OIDC protocol here.
What's supported in the OIDC and Oyster integration
- Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Oyster HR.
Who are the identity providers using OIDC?
Here are some of the identity providers you can connect using OIDC:
- Microsoft Entra ID (formerly Azure Active Directory)
- Google Identity Platform
- Okta
- Amazon Cognito
- Keycloak
- OneLogin
- Ping Identity
Requirements
In order to proceed with configuring login with SSO through OIDC, you must:
- Be an administrator on your Identity Provider
- Have a company administrator account on the Oyster app
Important pointers before you start the process
- You won’t be able to enable the integration if at least one of the customer users on your company is already using SSO with another company.
- Once the OIDC integration is enabled, there is no way of changing the credentials used for the integration. You'll need to delete the integration and set up a new one if you need to update the credentials.
- OIDC SSO is supported for both admin and manager roles but not supported for your team members when they log into their Oyster account. Only account admins can set up the integration.
- You can only “Sign in” into your existing Oyster account using this OIDC SSO integration and not “Sign up”.
Steps
Follow these steps to set up an the integration between Oyster and your Identity Provider using OIDC:
|
|
|
|
|
|
|
Your Identity Provider using OIDC is now enabled for your users! Your eligible users will now be able to sign in using the SSO option on the sign-in page.