OIDC
Prerequisites:
Identity provider with OIDC support (e.g. Okta, OneLogin)
SSO enabled in Mitzu
Steps:
Log in to Mitzu and navigate to the 'Manage organisation' page. Once SSO is enabled, the details of the integration can be configured:
Open the web console of your Identity Provider and create a new client application with the following settings:
Application type: Web Application
Grant type: Authorization Code
Sign-in redirect URIs: copy the entire value of the Redirect URL input from the Mitzu SSO settings
Sign-out redirect URIs: copy the entire value of the Home URL and append '/auth/unauthorized'
To initiate the login from the Identity Provider side, redirect users to the Home URL with '/auth/redirect-to-login' appended.
Client authentication: client secret
Configure the client settings on the Mitzu SSO page
Client ID, Client Secret values can
The authorize endpoint, token endpoint and JWKS URI can be configured manually, or you can set the <idp>/.well-known/openid-configuration URL and click the Fetch OIDC Settings button, which fetches the configuration and fills in these fields.
Click save
In a different browser (or in an incognito window), verify the login flow. If it does not work as expected, review your settings or contact Mitzu Support.
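A pre-flight check for the discovery document and derived URIs used in the steps above, added here as an example; it is not part of Mitzu's documentation or code. The IdP URL, Home URL and sample document are constructed, the metadata keys are the standard OIDC Discovery names, and their mapping to the Mitzu fields is assumed from the field labels.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: discovery document of a hypothetical IdP, not real output.
SAMPLE_IDP = "https://idp.example.com"
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/v1/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/v1/token",
  "jwks_uri": "https://idp.example.com/oauth2/v1/keys",
  "response_types_supported": ["code", "id_token"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}""")

def discovery_url(idp_base):
    """URL to set before clicking Fetch OIDC Settings."""
    return idp_base.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(idp_base, doc):
    """Return (settings, problems) for the three endpoint fields."""
    problems = []
    # OIDC Discovery requires the issuer to equal the URL the document was derived from.
    if doc.get("issuer") != idp_base:
        problems.append("issuer does not match the IdP URL")
    settings = {}
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(key, "")
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{key} is missing or not an https URL")
        settings[key] = value
    # The client is registered with the Authorization Code grant.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    # Client authentication is a client secret; the spec default is client_secret_basic.
    methods = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if not {"client_secret_basic", "client_secret_post"} & set(methods):
        problems.append("no client-secret authentication method is advertised")
    return settings, problems

def idp_side_uris(home_url):
    """URIs the steps derive from the Mitzu Home URL (hypothetical helper)."""
    home = home_url.rstrip("/")
    return {"sign_out_redirect": home + "/auth/unauthorized",
            "idp_initiated_login": home + "/auth/redirect-to-login"}

if __name__ == "__main__":
    settings, problems = check_discovery(SAMPLE_IDP, SAMPLE_DISCOVERY)
    print(discovery_url(SAMPLE_IDP), settings, problems or "no problems found")
    print(idp_side_uris("https://mitzu.example.com"))  # constructed Home URL
```

An issuer mismatch or a non-https endpoint in the fetched document is worth resolving with the IdP before saving the settings, since the JWKS URI is where token signing keys are retrieved from.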