Versions Compared

Version Old Version 7 New Version Current
Changes made by

Chaima Belkacem

Alaa MZOUGHI

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Single sign-on (SSO) is a method of allowing a user to access multiple applications or platforms with a single sign-on.

Info

Sidebar dropdown → Organisation → OIDC SSO Connection

Fill the fields under the OIDC SSO connection section

...

Setup the user roles automatically using OIDC

In the Organizations → OIDC settings, there are 2 options designed for this :

...

Option

...

Example of value

...

Description

...

OIDC Roles Map

...

Code Block
{
"editor": "Editor", 
"admin": "Admin",
"viewer": "Reader", 
"restricted_viewer": "ReaderRestrict"
}

...

This is a JSON object that contains the 4 feedier roles as keys (do not change them) and the SSO role in your IAM system.

restricted_viewer is the Feedier role, ReaderRestrict is the role name in your SSO that you can assign to the user

...

OIDC Scopes

...

openid,email,roles

...

This is a comma separated list of information Feedier will ask for every SSO connection, the roles is required so Feedier can assign a role to the user.

Note

There must be no extra spaces in the field value.

Info

For any help, ask our team to help you set it up.

Example for Microsoft Active Directory

An App needs to be created from your Azure portal, you can call it Feedier.

Under API permissions, make sure to enable: Microsoft Graph

...

email

...

openid

...

User.Read

...

Table of Contents
stylenone

Introduction

Info

This guide outlines the steps to set up Single Sign-On (SSO) for Feedier using Azure as an example. Register a new application in the Microsoft Entra admin center, configure authentication and API permissions, and define any required app roles. Finally, review the settings and test the integration to ensure successful authentication.

Steps To Create The SSO Application (Example:Azure)

1. Access Azure Portal

Navigate to the Microsoft Entra admin center.

...

2. Register Application

Click on Applications => App registrations (1)=> Then click New registration (2)

...

3. Configure Application Registration

  • Name : Enter a descriptive name for your application (e.g., "Feedier SSO").(1)

  • Supported account types: Choose the appropriate option based on your requirements (e.g., single tenant). (2)

  • Redirect URI: (3)

Then, in the organization settings: 

URL name

Typical URL 

Discovery Endpoint

https://login.microsoftonline.com/{tenant_id}/v2.0/.well-known/openid-configuration

Authorization Endpoint

https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize

Userinfo Endpoint

https://graph.microsoft.com/oidc/userinfo

Token Endpoint

https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token

Base URL

https://login.microsoftonline.com/{tenant_id}/v2.0

The IDs and URLs with your custom ID can be found directly in the tool you want to use for SSO (e.g. Microsoft, Okta,...).

For further reading, here’s an example of adding an OpenID Connect-based single sign-on application:

...

  • Click Register (4)

Screenshot 2024-11-05 at 13.35.43.pngImage Added

4. Set Up Authentication

  • After creating the app registration, navigate to Authentication. (1)

  • Ensure the redirect URI is correctly added.(2)

  • Set the appropriate Implicit Grant and Hybrid Flows if needed (typically, you’ll enable ID tokens for SSO). (3)

Screenshot 2024-11-05 at 13.58.33.pngImage Added

5. Configure API Permissions

  • Navigate to API permissions in the app registration.(1)

  • Click on Add a permission.(2)

  • Select Microsoft Graph.(3)

Screenshot 2024-11-05 at 14.06.05.pngImage Added

  • Select Delegated permissions (4)

Screenshot 2024-11-05 at 14.06.32.pngImage Added

  • Choose the necessary permissions for your application (e.g., User.Read, openid, email) by typing the permission name in the select permissions search bar.(5)=> finally you will find them under API/Permissions name

Screenshot 2024-11-05 at 14.06.51.pngImage Added

6. Assign Roles (if required)

  • Go to App roles in the application registration settings.(1)

  • Define the following roles as required by Feedier OIDC.

    • "editor": "Editor"

    • "admin": "Admin"

    • "viewer": "Reader"

    • "restricted_viewer": "ReaderRestrict"

  • Apply.

...

7. Finalize and Test

  • Review all settings to ensure everything is configured correctly.

  • Click on overview (1) => Endpoints (2) => List of endpoints and the Client ID to be used later to set up SSO on feedier

...

  • Go to Certificates & secrets (1) to get the clinet secret(2) to be used later on the OIDC configuration on feedier side

Screenshot 2024-11-05 at 15.10.15 (1).pngImage Added

  • Now you need to communicate to Feedier these credentials :

    • Client ID

    • Client Secret

    • Discovery endpoint