OpenID Connect (OIDC) is an authentication protocol built on top of the OAuth 2.0 framework. It allows users to sign in to multiple applications using a single set of credentials from their Identity Provider, without needing a separate password for each application.
In Document360, OpenID Connect works the same way as SAML. Your Identity Provider (IdP) verifies the user's identity and sends a token to Document360, which grants access. The key difference is the underlying protocol: OIDC uses JSON Web Tokens (JWT) and OAuth 2.0 flows, while SAML uses XML-based assertions.
Why use OpenID Connect
- Modern protocol. OIDC is built on OAuth 2.0 and is widely supported by cloud-based identity providers.
- Centralized access control. Manage who can access Document360 from your existing identity platform without creating separate accounts.
- Improved security. Authentication happens through your IdP, which can enforce MFA, conditional access policies, and session controls.
- Better user experience. Users sign in once through their organization's portal and access Document360 directly.
- Simplified offboarding. Deactivating a user in your IdP immediately prevents access to Document360.
How OpenID Connect authentication works in Document360
- The user navigates to Document360 and clicks the SSO login button.
- Document360 redirects the user to the configured Identity Provider.
- The IdP authenticates the user.
- The IdP issues an ID token containing the user's identity information.
- Document360 validates the token and grants the user access.
SAML vs OpenID Connect
Not sure which protocol to use? Here is a quick comparison.
| | SAML | OpenID Connect |
|---|---|---|
| Protocol base | XML-based | OAuth 2.0 / JSON-based |
| Best for | Enterprise, on-premises IdPs | Cloud-based IdPs |
| Token format | XML assertions | JSON Web Tokens (JWT) |
| Supported in Document360 | Yes | Yes |
| SCIM provisioning | Yes (select providers) | Yes (select providers) |
If your organization uses a cloud-based identity provider such as Okta or Auth0, OpenID Connect is typically the recommended option. If you use an on-premises provider such as ADFS, SAML is the more common choice. Both protocols are fully supported by Document360.
Learn more about SAML in Document360 →
Supported Identity Providers
Document360 supports OpenID Connect SSO with the following Identity Providers. Select your provider to get started.
Other providers
Configure OpenID Connect SSO with any OIDC-compatible Identity Provider.
Set up other IdP →
OpenID Connect capabilities by provider
| Identity Provider | User (portal) authentication | Reader authentication | SCIM provisioning |
|---|---|---|---|
| Okta | Yes | Yes | Yes |
| Auth0 | Yes | Yes | No |
| ADFS | Yes | Yes | Yes (via third-party tools) |
| Other providers | Yes | Yes | If supported by IdP |
Other OpenID Connect resources
Remove an OpenID Connect SSO
Learn how to safely remove an OpenID Connect SSO configuration.
Remove OIDC SSO →
SCIM provisioning
Automate user and reader lifecycle management using SCIM with Okta.
Learn about SCIM →
FAQ
Can I use OpenID Connect and SAML at the same time?
No. SAML and OpenID Connect are mutually exclusive in Document360. You can only have one active SAML or OIDC configuration per project at a time. However, either can coexist with a JWT configuration in the same project.
Which providers support SCIM provisioning with OpenID Connect?
Okta supports SCIM provisioning when configured as an OpenID Connect provider in Document360. ADFS supports SCIM provisioning via third-party tools. Auth0 does not support SCIM provisioning with OpenID Connect in Document360.
Should I use SAML or OpenID Connect for my organization?
If your organization uses a cloud-based identity provider such as Okta or Auth0, OpenID Connect is typically the recommended option. If you use an on-premises provider such as ADFS, SAML is the more common choice. Both protocols are fully supported by Document360.