Generic OIDC


To connect Count to a generic OIDC identity provider, you'll need to be a Count workspace owner, and have SSO enabled for your workspace.

Head to the Count workspace settings, select the SSO tab and select Generic - you'll need to provide an Issuer URI, Client ID and Client secret.

The Issuer URI should be the base path at which the OIDC configuration can be retrieved. For example, if your Issuer URI looks like

then a JSON document should be accessible at

that contains a valid OIDC configuration document:

 "issuer": "...",
 "authorization_endpoint": "...",
 "token_endpoint": "...",
 "jwks_uri": "...",
 "response_types_supported": ["code", ...],
 "scopes_supported": ["openid", "email", ...],

Count currently assumes that your identity provider:

  • Returns an OIDC configuration with at least the above properties

  • Accepts the client_secret_basic authorisation method

  • Supports the openid and email scopes

  • Returns an identity token that contains the following in its payload:

    • email - the email address of the authenticated user

    • sub - the unique identifier of the authenticated user

Last updated