OpenID Connect (OIDC)
OpenID Connect (OIDC) is an identity layer on top of the OAuth 2.0 protocol, allowing clients to verify the identity of users and obtain their profile information. Integrating OIDC with DataGuard CPM enables you to use a third-party identity provider (IdP) for Single Sign-On (SSO).
Setting Up Authentication
To set up OIDC authentication, follow these steps:
1. Provide OIDC Details to DataGuard
Send the following information to your DataGuard customer success manager:
- Issuer URL: The URL of the IdP issuing the authentication tokens.
- Client ID: The ID for your application registered with the IdP.
2. Configure Callback URL
When setting up SSO on your side, use the callback URL that matches your environment:
| Environment | Auth0 URL |
|---|---|
| Sandbox | https://sandbox-consentric.eu.auth0.com/login/callback |
| Production EU | https://dgconsentde.eu.auth0.com/login/callback |
| Production UK | https://consentric.eu.auth0.com/login/callback |
Setting Up Authorisation
To authorise users in DataGuard CPM, follow these steps:
1. Configure Roles in the ID Token
Include the necessary roles in the ID Token as an array of strings under the following custom claim:
- Claim: https://consentric:io/roles (note the use of a colon, not a dot)
2. Assign Roles to Users
The supported roles determine what users can access in DataGuard CPM:
["DG_Permissions_Agent", "DG_Permissions_Admin"]
- DG_Permissions_Agent: Allows the user to view Citizen information.
- DG_Permissions_Admin: Allows the user to configure the CPM instance.