When using Single Sign-on with OpenID Connect, Softadmin® delegates user authentication to an OpenID Provider. In OpenID terminology, Softadmin® plays the role of the relying party (RP), while the OpenID Provider serves as the Identity Provider (IdP).
By entrusting authentication to the IdP, Softadmin® simplifies user management and enables users to utilize the same login credentials as their organization's other systems.
Upon a user's login, Softadmin® retrieves user data from the Identity Provider in the form of an id token.
Softadmin® verifies that the id token is trustworthy, checking cryptographic signatures, expiry, etc. However, as different integrations will use different claims to describe their users, Softadmin® relies on a system-unique stored procedure, as configured in the system setting SingleSignOnOpenIdConnectSignInProcedure to convert the claims in the id token into a row in the SoftadminApi.User table.
If sufficient information is not present in the id token, Softadmin® can be configured to perform an additional call to the IdP's UserInfo endpoint, where some servers will return additional data.
User permissions can be controlled through:
Softadmin® relies on the Identity Provider to manage user access to the Softadmin® system. If this isn't feasible, the recommended approach is to: