Set up an external OIDC identity provider
To allow customers to sign in using an external OpenID Connect (OIDC) identity provider, add the provider configuration in Enterprise login.
To create the login provider
Following these steps will enable you to set up an external OIDC identity provider (and your application).
1. In the Admin Console, go to Identities → Enterprise login.

2. Select Create.

3. Choose OpenID as the provider type.

4. Complete the settings in the left-hand side panel. These fields define how the provider appears to customers and how profile data is handled.

   Name: Enter a display name for the provider.
   Description: Optional. Add notes to help other administrators identify the configuration.
   Policy tag: Select an optional tag to apply to this provider.
   Login button text: Customize the text displayed on the login button for this provider.
   Login button logo URL: Enter a URL for the logo shown on the login button.
   Synchronize and store profile data at each login: Retrieve and update profile data from the IdP each time a customer signs in.
   Only store mapped values: Store only attributes mapped to identity store fields. If disabled, full metadata from the IdP is retained for troubleshooting.

5. Complete the settings in the Configuration tab. These settings define how Strivacity connects to and authenticates with the external identity provider.

   Client ID: The unique identifier issued by the external identity provider for your integration.
   Client secret: The shared secret issued by the identity provider, used to authenticate Strivacity to the IdP.
   Token endpoint authorization method override: Defines how the token endpoint authenticates the client (Default, Basic, or Post).
   Auto discovery: Enable this option to automatically populate endpoint URLs.
   Auto discovery URL: Optional. Provide the OIDC discovery URL if auto-discovery is disabled.
   Authorization endpoint: The URL where customers are redirected for authentication at the external IdP.
   Token endpoint: The URL where Strivacity exchanges the authorization code for an access token.
   Issuer: The identifier for the IdP issuing the tokens. Used for validation and trust verification.
   Userinfo endpoint: The URL where Strivacity retrieves customer profile information after authentication.
   JWKS endpoint: The URL where Strivacity retrieves the IdP's JWKS to validate token signatures.
   Scopes: Select standard scopes (Open ID, Profile, Email) or add extra scopes as needed.
   ACR values: Define an authentication context class reference.
   Enable message-level encryption: If required by your IdP, enable encryption for message exchange.
   Private key: Upload the private key used to decrypt incoming messages when message-level encryption is enabled.

6. Select Save to create the provider.

7. After saving, open the Claim mappings tab to map IdP claims to your identity store fields.

8. Select Save again.
Enable Only store mapped values after testing to avoid retaining unnecessary data from the IdP.
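The Configuration tab values that Auto discovery fills in (issuer, authorization, token, userinfo and JWKS endpoints, scopes, token endpoint authentication method) come from the IdP's discovery document, so it is worth checking that document before trusting it. The script below is an added example written for this page; it is not Strivacity code and does not call any Strivacity API. It runs the checks an administrator would otherwise make by eye: the issuer must match the discovery URL, every endpoint must use HTTPS, the JWKS endpoint used for signature validation must be present, the selected scopes must be advertised, and a Basic or Post override must be a method the IdP supports. The discovery document, host name and the mapping of the console's Default/Basic/Post options to the standard method names are assumptions made for the example.

```python
"""Sanity-check an OIDC discovery document before trusting its endpoints.

Added example; not Strivacity code. The IdP host and paths below are
constructed placeholders.
"""
from urllib.parse import urlparse

# Constructed sample discovery document, as an IdP would serve it.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/oauth2/authorize",
    "token_endpoint": "https://idp.example.test/oauth2/token",
    "userinfo_endpoint": "https://idp.example.test/oauth2/userinfo",
    "jwks_uri": "https://idp.example.test/oauth2/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
SAMPLE_DISCOVERY_URL = "https://idp.example.test/.well-known/openid-configuration"

WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"

# Assumed mapping of the console's override options to the method names used
# in OIDC Discovery. "Default" means no override, so there is nothing to check.
AUTH_METHOD_NAMES = {"Basic": "client_secret_basic", "Post": "client_secret_post"}

# Endpoints the Configuration tab cannot do without; userinfo is optional.
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def expected_issuer(discovery_url):
    """OIDC Discovery defines the discovery URL as issuer + well-known suffix."""
    if not discovery_url.endswith(WELL_KNOWN_SUFFIX):
        return None
    return discovery_url[: -len(WELL_KNOWN_SUFFIX)]


def validate_discovery(doc, discovery_url, scopes=("openid", "profile", "email"),
                       auth_method="Default"):
    """Return a list of problems; an empty list means the document is usable."""
    problems = []

    # A mismatched issuer means tokens would be validated against the wrong
    # trust anchor (or the wrong document was fetched).
    issuer = doc.get("issuer", "")
    expected = expected_issuer(discovery_url)
    if expected is None:
        problems.append("discovery URL does not end in " + WELL_KNOWN_SUFFIX)
    elif issuer.rstrip("/") != expected.rstrip("/"):
        problems.append(f"issuer {issuer!r} does not match discovery URL")

    for key in REQUIRED_ENDPOINTS:
        if key not in doc:
            problems.append(f"missing {key}")

    # Authorization codes, client secrets and tokens travel over these URLs.
    for key in REQUIRED_ENDPOINTS + ("userinfo_endpoint",):
        url = doc.get(key)
        if url and urlparse(url).scheme != "https":
            problems.append(f"{key} is not HTTPS: {url}")

    # scopes_supported is optional; only check when the IdP advertises it.
    advertised = set(doc.get("scopes_supported", []))
    if advertised:
        for scope in scopes:
            if scope not in advertised:
                problems.append(f"scope {scope!r} not advertised by IdP")

    # When the list is absent the spec default is client_secret_basic.
    method = AUTH_METHOD_NAMES.get(auth_method)
    supported = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if method and method not in supported:
        problems.append(f"token endpoint auth method {method} not supported by IdP")

    return problems


if __name__ == "__main__":
    found = validate_discovery(SAMPLE_DISCOVERY, SAMPLE_DISCOVERY_URL, auth_method="Post")
    print("OK" if not found else "\n".join(found))
```

Replace SAMPLE_DISCOVERY with the JSON fetched from your IdP's discovery URL and pass the same scopes and override you intend to select in the console; any reported problem is a reason to fix the provider settings before saving, since a stale or tampered document would otherwise become the provider's trust configuration.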
