OpenID Connect (OIDC) is an open standard built on the OAuth 2.0 protocol, which gives OpenID an additional layer of security.
There are three entities in this standard of the Single Sign-On process:
- The End user
- The Service provider (Document360 knowledge base)
- A third-party Identity Provider (IdP), either Okta or Auth0
How does OpenID Connect standard SSO work?
With OIDC, the process flows as follows when a user wants to access a Service provider:
- The user selects the OAuth on the Service provider page
- The user is redirected to the Identity Provider (IdP) page
- Using the credentials entered, the user is authenticated
- The IdP then sends an Access Token (credentials to provide access to API) back to the Service provider; an ID token (a JSON Web Token or JWT with the ID data) is also relayed on request
- The Service provider then retrieves the user info from the ID token or uses the Access token to verify
- An SSO session is established between the IdP and Service provider
The user gains authorization to access the SSO-enabled service provider (Document360) without having to authenticate with credentials for each instance.