---
title: "Other configurations with OpenID SSO"
slug: "other-configurations-with-openid-sso"
description: "Set up Single Sign-On (SSO) for Document360 with your OpenID Identity Provider. Follow our guide for seamless integration and configuration tips."
updated: 2026-05-29T06:21:05Z
published: 2026-05-30T09:30:01Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.document360.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Other configurations with OpenID SSO

Before setting up Single Sign-On (SSO) between Document360 and an OpenID Identity Provider (IdP) not explicitly listed in Document360, ensure you have access to both Document360 and your chosen IdP. Please note that only users with **Owner** or **Admin**as **Project role** can configure SSO in Document360.

> [!TIP]
> ** PRO TIP
> 
> It is recommended to open **Document360**and the **Identity Provider (IdP)**in two separate tabs/browser windows, since configuring SSO in Document360 will require you to switch between Okta and Document360 multiple times.

## Adding an Application in Your Identity Provider

You'll need to create a new OpenID application in your Identity Provider:

1. Log in to your Identity Provider's admin console using your credentials.
2. Navigate to the section where you can create or manage applications (often labeled as **Applications**, **Enterprise Applications**, or similar).
3. Select the option to create a new application.
4. Set up the basic settings for your new application:
  - **Application Name**: Enter a name, e.g., "Document360 OpenID SSO".
  - **Application Type**: Select **OpenID Connect** as the sign-in method.
5. Save your application settings.

## Configuring OpenID in Your Identity Provider

You will need to configure OpenID settings in your Identity Provider using parameters from Document360:

1. Open Document360 in a separate tab or panel.
2. Navigate to **Settings > Users & permissions > SSO Configuration** in Document360.
3. Click the **Create SSO** button.

![Settings page displaying SSO configuration options and user permissions for identity providers.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/create sso(8).png)

1. Select **Others** as your Identity Provider (IdP) on the **Choose your Identity Provider (IdP)** page to navigate to the **Configure the Service Provider (SP)** page in Document360.

![Select your Identity Provider for SSO configuration from the available options listed.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/okta eu(8).png)

1. Choose **OpenID** as the protocol in the **Configure the Service Provider (SP)** page in Document360.

![Configuration settings for OpenID SSO with subdomain and redirect URIs highlighted.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/openid.png)

1. This page will provide the required parameters for configuring OpenID in your Identity Provider. In your Identity Provider's OpenID configuration enter the parameters as shown below.

| Your IdP | Document360 |
| --- | --- |
| Subdomain name | Subdomain name |
| Redirect URL | Sign in redirect URL |
| Redirect URL | Sign out redirect URL |

### Scope and Claims

Ensure that the following scopes and claims are included:

| **Scope** | **Description** |
| --- | --- |
| **openid** | Required for OpenID authentication |
| **email** | Access to the user's email |
| **profile** | Access to the user's basic profile info |

Map the required claims in your Identity Provider:

| **Claim** | **Value** |
| --- | --- |
| **sub** | user ID or identifier |
| **email** | user.email |
| **name** | user.name |

Review the settings and save your configuration.

## Document360 OpenID SSO Configuration

Now, configure the SSO settings in Document360:

1. Return to the Document360 tab/panel displaying the **Configure the Service Provider (SP)** page and click Next to navigate to the **Configure the Identity Provider (IdP)** page.

![](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/others(2).png)

1. Enter the parameters from your IdP to Document360 as shown below.

| Document360 | Identity provider |
| --- | --- |
| Client ID | Client ID |
| Client Secret | Client Secret |
| Authority | Authorization URL or Endpoint |

1. Upload the necessary certificates or keys, if required.
2. In the **Scope**(optional) field, type a scope value and click **+** to add it as a chip. This defines what user information or permissions Document360 requests from your identity provider.

You can add up to 3 scopes.
3. Click **Next** to proceed to the **SCIM provisioning** page.

### SCIM provisioning

If SCIM is needed,

1. Turn on the **Enable SCIM provisioning** toggle.

![SCIM provisioning settings for integrating Identity Provider with Document360 for user synchronization.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/enable scim(4).png)

1. A confirmation dialog will appear outlining the terms for enabling SCIM. Review the terms, select the checkbox, and click **Agree**.
2. A set of parameters will then be displayed needed to enable SCIM provisioning with your IdP.

![Configuration settings for SCIM provisioning with highlighted tokens and roles.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/enable group sync(2).png)

#### Assign Default role

1. Turn on the**Enable group sync toggle**if needed. This automatically assigns users and readers based on your IdP group mappings.
2. In the**Default role** field, the role is set to **Contributor**by default. You can change this from the dropdown if needed.
3. In the**User groups** and **Reader groups** fields, select the groups you want to add. Multiple groups can be added, and they will inherit the default role you selected earlier.
4. Click **Next**to navigate to the **More Settings**page.

### More Settings

In the **More settings** page, configure the following:

- **SSO name**: Enter a name for the SSO configuration.
- **Customize login button**: Enter the text for the login button displayed to users.
- **Auto assign reader group:**This option is only available for existing SSO configurations. For newly created SSO configurations, the Auto assign reader group toggle will not be displayed as SCIM automatically provisions users and groups.
- **Sign out idle SSO user**: Toggle on/off based on your requirements.
- Choose whether to invite existing user and reader accounts to SSO.

![Settings for creating a new SSO, including name and login button customization options.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/more settings(8).png)

- Click **Create** to complete the OpenID SSO configuration.

The SSO configuration will now be set up in Document360 using your selected Identity Provider.

---

## Managing Users in your IdP

![Overview of reader management settings, highlighting user accounts and permissions synchronization.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/readers.png)

To view the readers added through your custom app,

1. Go to Document360 and navigate to **Settings**> **Users & permissions** > **Readers & groups**.
2. Select the reader to navigate to their reader profile.

Readers provisioned via SCIM will display an**SSO-SCIM** badge next to their name.

> [!NOTE]
> ******NOTE
> 
> When SCIM is enabled, editing a user's name or deleting a user directly in Document360 is disabled, as these actions must be managed through your IdP to keep both platforms in sync. You can
> 
> only manage the content access from Document360. Deleting a profile in your IdP does not remove it from Document360, the profile will remain with an Inactive status.

#### Manage content access of Readers, Users and Groups

The default content role assigned to any new user, reader, or group is based on what was configured during SCIM provisioning setup. Permissions will be set to **None**by default but can be updated at any time.

1. To manage content access, select the desired reader and click **Manage Content Access**.
2. Choose the desired access level from the dropdown and click **Update**.

![Editing reader account settings, including content access and associated groups options.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/manage.png)

> [!NOTE]
> ******NOTE
> 
> You can also manage groups for a reader by clicking Manage groups under the Reader Group section.

---