Import from OpenID Connect
This configuration allows Password Depot Server to integrate with an OpenID Connect (OIDC) identity provider for seamless user authentication.
By setting up an OIDC identity provider, you can import users from an external identity provider (such as Auth0, Entra ID, PingIdentity or another OIDC service) and enable them to log in directly from the Password Depot Client.
In the Tools menu, you will find the Import from OIDC option, which allows you to launch the assistant of the same name. The OIDC Import is required if you want your users to log in to the Enterprise Server via Single Sign-On (SSO).
General tab overview
Name: This is the name/label you assign to this particular identity provider configuration. It’s used internally to identify the connection.
Provider: A drop-down where you can choose the type of identity provider. Options include:
- OIDC: Generic OpenID Connect configuration.
- PingIdentity: A specific IDaaS (Identity as a Service) provider.
- Auth0: A popular identity provider platform.
- Entra ID: Formerly known as Azure AD (Microsoft’s identity solution).
Discovery endpoint: This is a standardized URL that allows the client to retrieve the metadata (authorization, token and userinfo endpoints) required for the OIDC flow.
- Format (example): https://{Provider}/{TenantId}/.well-known/openid-configuration
Replace {Provider} and {TenantId} with the values specific to your identity platform (e.g. Auth0, Entra ID, etc.).
Application (client) ID: This is the Client ID you get when you register your application with the identity provider. It identifies the application during the OIDC flow.
Redirect URL: This is where the identity provider redirects the user back after successful authentication. It must match exactly what you configured on the identity provider’s side.
OpenID Connect Core 1.0 incorporating errata set 2
Test Client Login: This button initiates a test authentication flow using the above credentials to validate the setup.
Advanced tab overview
Response Type: This defines how the authentication response is returned from the identity provider (code, id_token or token).
Scopes: These define what information or access levels are requested during authentication. You can add more scopes here if your app needs other data (e.g. email).
Attribute mapping: This is where user information from the token payload (claims) is mapped to internal server attributes.
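The following added example (not part of Password Depot or its documentation) shows how the document returned by the Discovery endpoint can be checked against the Response Type and Scopes chosen on the Advanced tab before users are imported. The host `idp.example.com`, the tenant `tenant-1234`, the sample metadata and the function name `check_discovery` are constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample of a discovery document (not from a real provider).
SAMPLE_METADATA = {
    "issuer": "https://idp.example.com/tenant-1234",
    "authorization_endpoint": "https://idp.example.com/tenant-1234/authorize",
    "token_endpoint": "https://idp.example.com/tenant-1234/token",
    "userinfo_endpoint": "https://idp.example.com/tenant-1234/userinfo",
    "jwks_uri": "https://idp.example.com/tenant-1234/keys",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile", "email"],
}


def check_discovery(discovery_url, metadata, response_type, scopes):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    if not discovery_url.endswith(WELL_KNOWN):
        return [f"discovery URL does not end with {WELL_KNOWN}"]
    expected_issuer = discovery_url[: -len(WELL_KNOWN)]
    # OpenID Connect Discovery 1.0: the issuer in the document must be
    # identical to the issuer the discovery URL was built from, which
    # catches a document served for a different tenant or host.
    if metadata.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {metadata.get('issuer')!r} != {expected_issuer!r}")
    # Endpoints named on this page, plus the signing-key URL, must be HTTPS.
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri"):
        value = metadata.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not HTTPS: {value}")
    if response_type not in metadata.get("response_types_supported", []):
        problems.append(f"response type {response_type!r} not advertised")
    if "openid" not in scopes:
        problems.append("scope 'openid' is required for OIDC")
    # scopes_supported is optional metadata; only compare when it is present.
    advertised = metadata.get("scopes_supported")
    if advertised is not None:
        for scope in scopes:
            if scope not in advertised:
                problems.append(f"scope {scope!r} not advertised")
    return problems
```

In practice the metadata dictionary would be the parsed JSON fetched from the configured Discovery endpoint over HTTPS.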
Management API tab
API Base URL: This is the base endpoint URL for the identity provider’s management API.
Client Secret: The client secret associated with your registered OIDC application. This is used alongside the Client ID (set in the "General" tab) to authenticate API requests and obtain access tokens.