OpenID Connect (OIDC) Setup
Configure SSO using the OpenID Connect protocol
Overview#
OpenID Connect (OIDC) is a modern authentication protocol built on OAuth 2.0. Most identity providers support OIDC, including Okta, Azure AD, Auth0, and others.
Prerequisites#
Your IdP supports OpenID Connect
You can create an OIDC application in your IdP
You have a Client ID and Client Secret
Redirect URI#
When creating your OIDC application, add this redirect URI:
https://api.viksaai.com/auth/auth/sso/oidc/callback
Required from Your IdP#
Issuer URL
The OIDC issuer URL (e.g., https://example.okta.com/oauth2/default)
Client ID
The public identifier for your OIDC application
Client Secret
The secret key for secure token exchange
Required Scopes#
Ensure your OIDC application requests these scopes:
openidemailprofilegroups (optional)
Configuration Steps#
- 1
Create OIDC application in your IdP
Create a new application with the "Web" or "Server-side" type. - 2
Add the redirect URI
Add https://api.viksaai.com/auth/auth/sso/oidc/callback as an allowed redirect URI. - 3
Configure scopes
Enable openid, email, and profile scopes. - 4
Copy credentials
Copy the Issuer URL, Client ID, and Client Secret. - 5
Configure ViksaAI
Go to Settings → SSO, select OIDC, and enter your credentials. - 6
Verify and enable
Complete domain verification, test the connection, and enable SSO.
OIDC vs SAML#
| Choose OIDC if | Choose SAML if |
|---|---|
| Your IdP recommends it; you want simpler configuration; you use modern OAuth2-based IdPs. | Your organization uses traditional enterprise IdPs; you need advanced attribute mapping; your IdP only supports SAML. |