Integrating an external Identity Provider (IDP) with Vitre using OpenID Connect (OIDC) enables secure and seamless user authentication for your organization. The process involves defining an integration on the customer's side and providing the necessary information to Vitre. The SSO scheme will be pre-defined by Vitre and shared with you. The steps outlined below must be completed by a technical administrator with access to manage the IDP configuration.
Process of adding the SSO integration
- An SSO code or scheme will be provided to you before the integration setup.
  - It is a unique string that identifies the SSO integration for your tenant, for example acme or yourcompanyname. It should be easy for end users to type during login; usually this is the name of the organization.
  - This string appears at the end of all redirect URIs and is critical for uniquely identifying your tenant's SSO integration.
  - The string must consist of a-z characters only; it is not a domain.
- The customer should provide information about their IDP type:
  - Microsoft (Entra ID / 365 / Azure AD), Google, Okta, or Other.
  - If the IDP type is Microsoft, the customer should also provide their Tenant ID.
- The customer should provide their client credentials:
  - Client ID
    - For Microsoft, this is the "Application (client) ID" in the App Registration, not the Secret ID under "Certificates & Secrets".
  - Client Secret
    - A confidential string generated during application setup.
    - Please provide the secret's expiration date to help schedule timely updates.
- The customer should configure redirect URIs on their side for the integration to work. Replace {scheme} with the unique SSO code or scheme provided (note that the URIs are case sensitive and must be lowercase):
  - Production environment:
    - https://api.vitre.io/{scheme} - used by users logging in via the Vitre app
    - https://internalapi.vitre.io/{scheme} - used by users logging in via the Vitre web app (typically from desktop)
  - Localhost (for testing):
    - https://localhost:54931/{scheme}
- Logout flow for OIDC is not supported.
- The customer should grant the necessary permissions to the OIDC application, in particular User.Read for Microsoft integrations.
- The customer should provide a test user account to verify the integration.
- Configuration needs to be changed on the Vitre side to activate the integration and to test that everything works as expected.
- Important decisions need to be made:
  - Whether SSO is the only acceptable authentication method for this tenant.
  - Whether users should be created automatically on SSO login.
Important Notes
- SSO code/scheme: The SSO code is a critical part of the integration and is used to uniquely identify your configuration. It must be identical across all redirect URIs.
- Client secret security: Keep the client secret confidential and accessible only to authorized personnel.
- Secret expiration: Plan to rotate the client secret before its expiration date.
- IDP user to Vitre user correlation: Usually the user's email address on the IDP is the employee's username in the Vitre system, and the two are correlated on login.
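The scheme rules and redirect URI templates above are easy to get subtly wrong (an uppercase letter, a dash, or a URI registered at the IDP with different casing will cause an exact-match redirect URI failure). The following is an added helper, not Vitre's own tooling, that validates a proposed scheme, renders the redirect URIs from the templates listed in this guide, and compares them against the URIs actually registered at the IDP. The dictionary keys (`production_app`, `production_web`, `localhost_testing`) and the sample scheme `acme` are constructed for illustration.

```python
"""Validate a Vitre SSO scheme and derive the redirect URIs an IDP must allow.

Added example for this guide; the URI templates are the ones the guide lists,
the key names and sample values are constructed.
"""
import re
from typing import Dict, List

# Redirect URI templates from the guide; {scheme} is replaced with the tenant's SSO code.
REDIRECT_URI_TEMPLATES: Dict[str, str] = {
    "production_app": "https://api.vitre.io/{scheme}",
    "production_web": "https://internalapi.vitre.io/{scheme}",
    "localhost_testing": "https://localhost:54931/{scheme}",
}

# The guide requires a-z characters only: no digits, dots, dashes, or uppercase.
SCHEME_PATTERN = re.compile(r"^[a-z]+$")


def validate_scheme(scheme: str) -> List[str]:
    """Return a list of problems with the proposed scheme; an empty list means it is acceptable."""
    problems: List[str] = []
    if not scheme:
        return ["scheme is empty"]
    if scheme != scheme.lower():
        problems.append("scheme contains uppercase characters; redirect URIs are case sensitive and must be lowercase")
    elif "." in scheme:
        problems.append("scheme looks like a domain; it must be a bare identifier such as 'acme'")
    elif not SCHEME_PATTERN.match(scheme):
        problems.append("scheme must consist of a-z characters only")
    return problems


def build_redirect_uris(scheme: str) -> Dict[str, str]:
    """Render every redirect URI for a scheme that passes validation."""
    problems = validate_scheme(scheme)
    if problems:
        raise ValueError("; ".join(problems))
    return {name: template.format(scheme=scheme) for name, template in REDIRECT_URI_TEMPLATES.items()}


def check_configured_uris(scheme: str, configured: List[str]) -> Dict[str, List[str]]:
    """Compare the redirect URIs registered at the IDP against the expected set.

    Matching is exact, because OIDC redirect URI matching is exact and the guide
    states the URIs are case sensitive. A registered URI that differs only in
    case is reported separately so the operator can see why login will fail.
    """
    expected = set(build_redirect_uris(scheme).values())
    registered = set(configured)
    lowered_expected = {uri.lower() for uri in expected}
    extra = registered - expected
    return {
        "missing": sorted(expected - registered),
        "case_mismatch": sorted(uri for uri in extra if uri.lower() in lowered_expected),
        "unexpected": sorted(uri for uri in extra if uri.lower() not in lowered_expected),
    }


if __name__ == "__main__":
    # Constructed sample: the IDP administrator registered one URI with a capital letter.
    registered_at_idp = [
        "https://api.vitre.io/Acme",
        "https://internalapi.vitre.io/acme",
        "https://localhost:54931/acme",
    ]
    for candidate in ("acme", "Acme", "acme.com", "acme-1"):
        print(f"{candidate!r}: {validate_scheme(candidate) or 'ok'}")
    print(build_redirect_uris("acme"))
    print(check_configured_uris("acme", registered_at_idp))
```

Run the check once the IDP administrator has pasted the registered redirect URIs into the list; anything under `missing` or `case_mismatch` must be corrected at the IDP before the Vitre-side activation step, since the token redirect will be rejected otherwise.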
For any questions or further assistance, please contact our support team.