Configure OpenID Connect for a Member Hub

OpenID Connect (OIDC) allows you to verify the identity of end-users and obtain basic profile information about them required for single sign-on.

Prerequisites:

Before you configure OIDC for your hub, you must register your hub as an application with your Identity Provider (IdP). You will need to consult your IdP's documentation to complete this setup, because the process varies by IdP.

OpenID Connect is an authentication standard built on OAuth 2.0 that you can use to authenticate and authorize user access to your hub. You can use it with any Identity Provider that supports the OpenID Connect (OIDC) protocol.

  1. Sign in to Community as an Admin.
  2. Open the Hubs app.
  3. Click the tile for the hub you want to enable single sign-on for.
  4. On the task toolbar, click Properties > Settings.
  5. Click the Single Sign-on tab.
  6. In the OpenID Connect Single Sign-On section, click Add OpenID Connect.
  7. In OIDC Provider Name, enter the name for your configuration. For example, use a name that indicates which Identity Provider the configuration is for.
  8. Enter the Client ID and Client Secret from your identity provider.
    Refer to your identity provider's documentation to find these values. You may need to request this information from a system administrator in your organization.
  9. To automatically configure your identity provider using well-known configuration:
    1. Select Use well-known configuration.
    2. In the Well-known configuration URL text box, copy and paste or enter the URL from your identity provider.
    3. Enter the text to display on the sign-in button in the Customize button text text box.
    4. Select the Enable SSO button on the Sign-in page check box to make the single sign-on option available to end-users.
    5. Click Save.
  10. To manually configure your identity provider using manual configuration:
    1. Select Use manual configuration.
    2. Enter the following settings for your identity provider. You may need to request this information from a system administrator in your organization.
      • Authentication request endpoint URL: URL for the OIDC authorization endpoint that authenticates users.
      • Refresh token endpoint URL: URL for the endpoint that is used to refresh user tokens before they expire.
      • Revoke token endpoint URL: URL for the endpoint used to revoke tokens when users sign out of the hub.
      • Userinfo endpoint URL: URL for the endpoint that returns information about the authenticated end-user.
      • Public key: The public key value for token verification.
    3. Enter the text to display on the sign-in button in the Customize button text text box.
    4. Select the Enable SSO button on the Sign-in page check box to make the single sign-on option available to end-users.
    5. Click Save.
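
Before pasting a well-known configuration URL or copying endpoints by hand, it helps to review what the IdP's discovery document advertises. The following is an added example, not part of the product or its documentation: it checks a discovery document and lists the values that correspond to the manual configuration fields. The field-to-key pairing, the idp.example.com host and the sample document are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"

# Hub manual-configuration field -> discovery metadata key.
# This pairing is an assumption, not taken from the product documentation.
FIELD_MAP = {
    "Authentication request endpoint URL": "authorization_endpoint",
    "Refresh token endpoint URL": "token_endpoint",
    "Revoke token endpoint URL": "revocation_endpoint",
    "Userinfo endpoint URL": "userinfo_endpoint",
    "Public key": "jwks_uri",  # location of the IdP's signing keys (JWKS)
}

def review_discovery(well_known_url, document):
    """Return (settings, problems) for a discovery document fetched from well_known_url."""
    meta = json.loads(document)
    settings, problems = {}, []
    if well_known_url.endswith(SUFFIX):
        # OIDC Discovery: the issuer must equal the URL the document was served under.
        expected = well_known_url[: -len(SUFFIX)]
        if meta.get("issuer", "").rstrip("/") != expected:
            problems.append("issuer does not match the well-known URL")
    else:
        problems.append("URL does not end in " + SUFFIX)
    for label, key in FIELD_MAP.items():
        value = meta.get(key)
        if not value:
            problems.append(key + " is not advertised")
            continue
        if urlparse(value).scheme != "https":
            problems.append(key + " is not an https URL")
        settings[label] = value
    return settings, problems

# Constructed sample document for a hypothetical IdP at idp.example.com.
SAMPLE_URL = "https://idp.example.com/.well-known/openid-configuration"
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "http://idp.example.com/oauth2/userinfo",
    "jwks_uri": "https://idp.example.com/oauth2/keys",
})

if __name__ == "__main__":
    settings, problems = review_discovery(SAMPLE_URL, SAMPLE_DOC)
    for label, value in settings.items():
        print(label + ": " + value)
    for problem in problems:
        print("CHECK: " + problem)
```

Any reported problem is worth resolving with the IdP administrator before you enable the SSO button for end-users.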