Import from OpenID Connect

This configuration allows Password Depot Enterprise Server to integrate with an OpenID Connect (OIDC) identity provider for seamless user authentication.

By setting up an OIDC identity provider, you can import users from an external identity provider (such as Auth0, Entra ID, PingIdentity, or any other OIDC-compliant service) and let them log in directly from the Password Depot Client.

In the Tools menu, you will find the Import from OIDC option, which allows you to launch the assistant of the same name. The OIDC Import is required if you want your users to log in to the Enterprise Server via Single Sign-On (SSO).

Select an existing provider or click New... to add a new identity provider.

General tab overview

  • Name: This is the name/label you assign to this particular identity provider configuration. It is used internally to identify the connection.
  • Provider: A drop-down where you can choose the type of identity provider. Options include:
    • OIDC: Generic OpenID Connect configuration.
    • PingIdentity: A specific IDaaS (Identity as a Service) provider.
    • Auth0: A popular identity provider platform.
    • Entra ID: Microsoft Entra ID (formerly Azure AD) – Microsoft's identity solution.
  • Discovery endpoint: This is a standardized URL that allows the client to retrieve metadata (authorization, token, userinfo endpoints) required for the OIDC flow.

    Format (example):

    https://{Provider}/{TenantId}/.well-known/openid-configuration

    Replace {Provider} and {TenantId} with values specific to your identity platform (e.g., Auth0, Entra ID, etc.).

  • Application (client) ID: This is the Client ID you receive when you register your application with the identity provider. It identifies the application during the OIDC flow.
  • Redirect URL: This is where the identity provider redirects the user back after successful authentication. It must match exactly what you configured on the identity provider's side.
  • Specification reference: OpenID Connect Core 1.0 incorporating errata set 2.
  • Test client login: This button initiates a test authentication flow using the above credentials to validate the setup.
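The discovery endpoint described above returns a JSON metadata document. The following Python script is an added example, not code from Password Depot or from this help page; it parses such a document and applies the checks a client should make before using it: the required fields are present, the issuer is consistent with the URL the document was fetched from, and every endpoint is served over https. The provider host, tenant ID and endpoint URLs in the sample document are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed sample discovery document. The issuer, tenant and endpoint values are
# placeholders in the shape a real provider returns; they belong to no real tenant.
SAMPLE_DISCOVERY_JSON = json.dumps({
    "issuer": "https://idp.example.test/tenant-123",
    "authorization_endpoint": "https://idp.example.test/tenant-123/authorize",
    "token_endpoint": "https://idp.example.test/tenant-123/oauth/token",
    "userinfo_endpoint": "https://idp.example.test/tenant-123/userinfo",
    "jwks_uri": "https://idp.example.test/tenant-123/.well-known/jwks.json",
    "response_types_supported": ["code", "id_token", "token id_token"],
    "scopes_supported": ["openid", "profile", "email"],
})

# Metadata a relying party cannot do without (userinfo_endpoint is optional in the spec).
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def discovery_url(provider: str, tenant_id: str) -> str:
    """Build the well-known URL in the format the page gives: https://{Provider}/{TenantId}/..."""
    return f"https://{provider}/{tenant_id}/.well-known/openid-configuration"


def validate_discovery(doc_json: str, fetched_from: str) -> dict:
    """Parse a discovery document and apply the checks a client should make before using it.

    Returns {check_name: detail}; an empty dict means the document passed every check.
    """
    doc = json.loads(doc_json)
    problems = {}

    for key in REQUIRED_KEYS:
        if key not in doc:
            problems[f"missing:{key}"] = "required metadata field is absent"

    # OIDC Discovery: the document must be served from issuer + "/.well-known/openid-configuration".
    # A mismatch means the metadata (and later every token's "iss" claim) would not line up.
    issuer = doc.get("issuer", "")
    expected = issuer.rstrip("/") + "/.well-known/openid-configuration"
    if issuer and expected != fetched_from:
        problems["issuer_mismatch"] = f"issuer {issuer!r} does not match discovery URL {fetched_from!r}"

    # Every endpoint must be https: authorization codes and tokens travel over these URLs.
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if url and urlparse(url).scheme != "https":
            problems[f"insecure:{key}"] = f"{url!r} is not https"

    return problems


def endpoints(doc_json: str) -> dict:
    """Extract the three endpoints the page mentions from a validated document."""
    doc = json.loads(doc_json)
    return {k: doc.get(k) for k in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")}


def supports_response_type(doc_json: str, response_type: str) -> bool:
    """Check that the response type chosen on the Advanced tab is advertised by the provider."""
    return response_type in json.loads(doc_json).get("response_types_supported", [])


if __name__ == "__main__":
    url = discovery_url("idp.example.test", "tenant-123")
    print("discovery URL:", url)
    print("problems:", validate_discovery(SAMPLE_DISCOVERY_JSON, url))
    print("endpoints:", endpoints(SAMPLE_DISCOVERY_JSON))
```

Against a real provider you would fetch the document from the URL returned by discovery_url and pass the body and that same URL to validate_discovery; if the issuer check fails, the Discovery endpoint entered on the General tab does not belong to the tenant you think it does.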

Advanced tab overview

  • Response type: This defines how the authentication response is returned from the identity provider (code, id_token, or token).
  • Scopes: These define what information or access levels are requested during authentication. You can add more scopes here if your application needs additional data (e.g., email).
  • Attributes mapping: This is where user information from the token payload (claims) is mapped to the server's internal user attributes.
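To make the Advanced tab settings concrete, the following Python example (added here; not code from Password Depot) shows how scopes and attribute mapping fit together: which scopes must be requested so that the claims you map are actually released, the standard issuer/audience/expiry checks on the ID token payload, and the mapping of claims to server attributes. The claims, client ID and token are constructed samples, and the server-side attribute names (username, display_name, email, external_id) are assumptions, not Password Depot's real attribute names.

```python
import base64
import json

# Constructed ID token claims in the shape a provider returns; the user, issuer and
# client ID are placeholders, not real values.
SAMPLE_CLAIMS = {
    "iss": "https://idp.example.test/tenant-123",
    "aud": "client-id-placeholder",
    "sub": "user-0001",
    "iat": 1700000000,
    "exp": 1700003600,
    "email": "alice@example.test",
    "name": "Alice Example",
    "preferred_username": "alice",
}

# Hypothetical attribute mapping: server attribute -> claim name. The attribute names
# on the left are assumptions; the claim names on the right are standard OIDC claims.
DEFAULT_MAPPING = {
    "username": "preferred_username",
    "display_name": "name",
    "email": "email",
    "external_id": "sub",
}

# Which standard scope releases which claim (OIDC Core, section 5.4).
CLAIM_SCOPES = {"sub": "openid", "name": "profile", "preferred_username": "profile", "email": "email"}


def payload_from_jwt(token: str) -> dict:
    """Decode the payload segment of a compact JWT (base64url, no padding) into claims.

    This only reads the payload; the signature must be verified against the
    provider's jwks_uri before any of these claims are trusted.
    """
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(segment))


def scopes_for_mapping(mapping: dict) -> set:
    """Derive the scopes to request so that every mapped claim is actually released."""
    return {"openid"} | {CLAIM_SCOPES[c] for c in mapping.values() if c in CLAIM_SCOPES}


def validate_claims(claims: dict, expected_issuer: str, client_id: str, now: int) -> list:
    """Standard ID token checks: issuer, audience and expiry. Returns the names of failed checks."""
    failed = []
    if claims.get("iss") != expected_issuer:
        failed.append("iss")
    aud = claims.get("aud", [])
    if client_id not in ([aud] if isinstance(aud, str) else aud):
        failed.append("aud")
    if claims.get("exp", 0) <= now:
        failed.append("exp")
    return failed


def map_claims(claims: dict, mapping: dict, required=("username", "external_id")) -> dict:
    """Apply the attribute mapping. A missing claim for a required attribute is an error;
    missing optional attributes are simply left out of the result."""
    attrs = {}
    missing = []
    for attr, claim in mapping.items():
        if claim in claims:
            attrs[attr] = claims[claim]
        elif attr in required:
            missing.append(attr)
    if missing:
        raise ValueError(f"claims lack required attributes: {missing}")
    return attrs


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed token assembled from SAMPLE_CLAIMS purely to exercise payload_from_jwt;
# its signature segment is a placeholder and would not verify against any key.
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT", "kid": "kid-placeholder"}).encode()),
    _b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    _b64url(b"signature-placeholder"),
])

if __name__ == "__main__":
    claims = payload_from_jwt(SAMPLE_TOKEN)
    print("request scopes:", sorted(scopes_for_mapping(DEFAULT_MAPPING)))
    print("failed checks:", validate_claims(claims, SAMPLE_CLAIMS["iss"], "client-id-placeholder", now=1700000100))
    print("mapped attributes:", map_claims(claims, DEFAULT_MAPPING))
```

scopes_for_mapping is the check behind the page's advice to add scopes such as email: if an attribute is mapped to a claim whose scope was never requested, the claim will be absent from the payload and map_claims reports the attribute as missing.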

Management API tab overview

  • API Base URL: This is the base endpoint URL for the identity provider's management API.
  • Client Secret: The client secret associated with your registered OIDC application. This is used alongside the Client ID (set in the "General" tab) to authenticate API requests and obtain access tokens.