Other configurations with OpenID SSO

Plans supporting single sign on (SSO)

Professional
Business
Enterprise






Before setting up Single Sign-On (SSO) between Document360 and an OpenID Identity Provider (IdP) not explicitly listed in Document360, ensure you have access to both Document360 and your chosen IdP. Please note that only users with Owner or Admin as Project role can configure SSO in Document360.

PRO TIP

It is recommended to open Document360 and the Identity Provider (IdP) in two separate tabs/browser windows, since configuring SSO in Document360 will require you to switch between Okta and Document360 multiple times.

Adding an Application in Your Identity Provider

You'll need to create a new OpenID application in your Identity Provider:

  1. Log in to your Identity Provider's admin console using your credentials.

  2. Navigate to the section where you can create or manage applications (often labeled as Applications, Enterprise Applications, or similar).

  3. Select the option to create a new application.

  4. Set up the basic settings for your new application:

    • Application Name: Enter a name, e.g., "Document360 OpenID SSO".

    • Application Type: Select OpenID Connect as the sign-in method.

  5. Save your application settings.

Configuring OpenID in Your Identity Provider

You will need to configure OpenID settings in your Identity Provider using parameters from Document360:

  1. Open Document360 in a separate tab or window.

  2. Navigate to Settings > Users & security > SAML/OpenID in Document360.

  3. Click the Create SSO button.

  1. Select Others as your Identity Provider (IdP) on the Choose your Identity Provider (IdP) page to navigate to the Configure the Service Provider (SP) page in Document360.

  1. Choose OpenID as the protocol in the Configure the Service Provider (SP) page in Document360.

This page will provide the required parameters for configuring OpenID in your Identity Provider. In your Identity Provider's OpenID configuration:

  • Subdomain name: Enter the Subdomain name provided by Document360.

  • Redirect URI: Enter the Sign in redirect URI and Sign out redirect URI provided by Document360.

Scope and Claims

Ensure that the following scopes and claims are included:

Scope

Description

openid

Required for OpenID authentication

email

Access to the user's email

profile

Access to the user's basic profile info

Map the required claims in your Identity Provider:

Claim

Value

sub

user ID or identifier

email

user.email

name

user.name

Review the settings and save your configuration.

Document360 OpenID SSO Configuration

Now, configure the SSO settings in Document360:

  1. Return to the Document360 tab/window displaying the Configure the Service Provider (SP) page and click Next to navigate to the Configure the Identity Provider (IdP) page.

  1. Enter the corresponding values from your Identity Provider:

Document360

Identity provider

Client ID

Client ID

Client Secret

Client Secret

Authority

Authorization URL or Endpoint

  1. Enter the requested details in Document360 and upload the necessary certificates or keys, if required.

  2. Toggle on/off the Allow IdP initiated sign in option based on your project needs.

  3. Click Next to proceed to the More settings page.

More Settings

In the More settings page, configure the following:

  • SSO name: Enter a name for the SSO configuration.

  • Customize login button: Enter the text for the login button displayed to users.

  • Auto assign reader group: Toggle on/off as needed.

  • Sign out idle SSO team account: Toggle on/off based on your requirements.

  • Choose whether to invite existing team and reader accounts to SSO.

  1. Click Create to complete the OpenID SSO configuration.