This article outlines the essential configuration requirements for connecting your enterprise Identity Provider (IdP) to Single Sign-On (SSO) using the OpenID Connect (OIDC) protocol with Okta or OneLogin. It highlights key concepts and best practices to help you establish a secure and efficient authentication setup.
This section provides the parameters and configuration steps needed to set up your IdP to work with 101domain, and then to complete the setup within your 101domain account.
- On your IdP side, you must have sufficient permissions to add an Application connector (if applicable).
- On your 101domain account side, you must be the Primary Account Owner to do this.

101domain utilizes the OpenID Connect (OIDC) protocol, which is layered on OAuth 2.0.
When registering the 101domain application in your corporate IdP, the application must be configured as a Web Application to ensure the secure exchange of tokens using the authorization code flow, which requires a Client ID, Client Secret, and Discovery URL*.
*The 'Discovery URL' may also be called 'Well-known Configuration' or 'OpenID Provider Metadata', depending on the provider.
Depending on your IdP, the details may differ slightly. Contact your IdP or IT administrator for more information.
The table below outlines the key technical parameters required for this registration.

| 101domain Parameter | Description | Value/Standard | IdP Admin Action |
|---|---|---|---|
| Redirect URI (Callback URL) | The authorized endpoint where the IdP sends the authentication response after successful login. | Depends on IdP | Must be precisely registered in the IdP application settings. |
| Required Scopes | The minimum access permissions 101domain requests to authenticate the user and retrieve necessary profile attributes. | openid, profile, email | Must be granted by your IdP administrator during application setup. |
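
A pre-registration check an IdP administrator could run on the document served at the Discovery URL, as an added example (not 101domain's or any IdP's own code): it confirms that the authorization code flow, the three required scopes, and client-secret authentication are available. The `idp.example.com` URLs and the sample metadata are constructed; the field names are those defined by the OpenID Connect Discovery specification.

```python
import json

REQUIRED_SCOPES = {"openid", "profile", "email"}  # scopes listed in the table above
SUFFIX = "/.well-known/openid-configuration"      # standard OIDC discovery path

# Constructed sample of an OpenID Provider Metadata document (not from a real IdP).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/v1/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/v1/token",
  "jwks_uri": "https://idp.example.com/oauth2/v1/keys",
  "response_types_supported": ["code", "id_token"],
  "scopes_supported": ["openid", "profile", "email", "groups"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}""")

def check_idp_metadata(discovery_url, metadata):
    """Return a list of problems; an empty list means the metadata fits this setup."""
    problems = []
    # The issuer in the document must equal the Discovery URL minus the well-known
    # suffix; a mismatch means the metadata belongs to a different issuer.
    if not discovery_url.startswith("https://") or not discovery_url.endswith(SUFFIX):
        problems.append("discovery URL must be https and end with " + SUFFIX)
    elif str(metadata.get("issuer", "")).rstrip("/") != discovery_url[: -len(SUFFIX)]:
        problems.append("issuer does not match discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(metadata.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("authorization code flow (response_type=code) not supported")
    # scopes_supported is optional metadata, so only flag gaps when it is present.
    advertised = metadata.get("scopes_supported")
    if advertised is not None:
        missing = REQUIRED_SCOPES - set(advertised)
        if missing:
            problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    # When omitted, the spec default for this field is client_secret_basic.
    auth_methods = metadata.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if not {"client_secret_basic", "client_secret_post"} & set(auth_methods):
        problems.append("no client-secret authentication method at token endpoint")
    return problems
```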