Skip to main content
Version: 3.25

Setting authentication via OpenID

caution

Checkout our technical specification manual the list of approved OpenID authentication providers.

senhasegura implements standard OpenID protocol authentication. SSO providers that support this protocol can be configured.

caution

At senhasegura version 3.12 and earlier it will be necessary to contact senhasegura support team to perform a manual configuration that allows authentication through the OpenID protocol.

To enable the use of the OpenID authentication provider in senhasegura :

  1. Go to the menu Settings ➔ Authentication ➔ Providers;

  2. Change the filter to account for all records. Active and inactive;

  3. Locate the OpenID record and change it status to Active (not to be mistaken with Google OpenID);

  4. Go to the menu Settings ➔ Authentication ➔ Providers ➔ System OpenID ➔ Providers;

  5. Click on the report action New;

In the form that opens, fill in the information with the data previously mentioned in the premises.

  • At tab Main informations;

    • Type: SSO OpenID provider type. Use OpenID Connect option if you don't find your provider's model;

    • Client ID: It is the senhasegura identification at the SSO provider;

    • Client secret: It is the authentication password created by the SSO provider;

    • Redirect URL: It is the senhasegura URL that will receive the authentication steps. By default it will be as follows https://senhasegura.mycompany/flow/opid/auth/oauth/, where the example domain senhasegura.mycompany must be replaced with the senhasegura instance access IP or domain;

    • OpenID endpoint configuration: It is the SSO OpendID endpoint URL published by the provider. This URL provides a JSON containing all endpoints used in the other fields bellow;

    • Authorization endpoint: A URL described at JSON as "authorization_endpoint";

    • Token endpoint: A URL described at JSON as "token_endpoint";

    • Userinfo endpoint: A URL described at JSON as "userinfo_endpoint";

    • JWK endpoint: A URL described at JSON as "jwks_uri";

From this moment on, senhasegura users can see a login button using OpenID on the senhasegura login screen. The authentication validity time rules are the control of the SSO OpenID provider.

In Settings ➔ Authentication ➔ OpenID ➔ Providers: When registering an OpenID provider with all required fields. It is possible to make changes and save. The client secret will be blank and requested again, but it will no longer be mandatory to fill it out and can be left blank.