Generic OIDC

Introduction

To connect Count to a generic OIDC identity provider, you'll need to be a Count workspace owner, and have SSO enabled for your workspace.

Head to the Count workspace settings, select the SSO tab and select Generic - you'll need to provide an Issuer URI, Client ID and Client secret.

The Issuer URI should be the base path at which the OIDC configuration can be retrieved. For example, if your Issuer URI looks like

https://my-issuer-uri.com/some/path

then a JSON document should be accessible at

https://my-issuer-uri.com/some/path/.well-known/openid-configuration

that contains a valid OIDC configuration document:

curl https://my-issuer-uri.com/some/path/.well-known/openid-configuration
{
 "issuer": "...",
 "authorization_endpoint": "...",
 "token_endpoint": "...",
 "jwks_uri": "...",
 "response_types_supported": ["code", ...],
 "scopes_supported": ["openid", "email", ...],
 ...
}

Count currently assumes that your identity provider:

Returns an OIDC configuration with at least the above properties
Accepts the client_secret_basic authorisation method
Supports the openid and email scopes
Returns an identity token that contains the following in its payload:
- email - the email address of the authenticated user
- sub - the unique identifier of the authenticated user

PreviousGoogle NextBrand

Last updated 1 year ago