Set up portal authentication using Open ID Connect (OIDC)
The Portal Authentication system enables users to log in to a Squiz digital portal using existing credentials, such as student IDs or email addresses.
It can be configured to use any attributes offered through an Open ID Connect identity provider to streamline the authentication process for Squiz DXP-hosted website portal users.
Before you start
Satisfy these prerequisites before attempting this procedure:
- Check that you have Owner primary role or Admin primary role permissions on your Squiz DXP account.
- Get confirmation from Squiz that your selected portal domain has been configured for Portal OIDC authentication.
  If you do not see Portal OIDC authentication as a schema type in the Squiz DXP Console, this capability may need to be enabled for your organization first.
- Read OIDC settings reference to understand the OIDC settings.
- Read Set up IdP-initiated sign-out for Open ID Connect (OIDC) to decide whether this option is relevant to your authentication needs.
Configuration steps
There are two areas in which you need to set up OIDC settings:
Configure Squiz DXP portal authentication settings
To set up portal authentication for a site:
- Navigate to .
  DOMAIN is the website domain that hosts the portal.
- Click the (Edit settings) icon to the far right of the row for the chosen domain.
- In the Edit settings dialog, configure the settings using OIDC settings reference as a guide.
- Optionally configure Set up IdP-initiated sign-out for Open ID Connect (OIDC) if your OIDC provider supports this feature.
- Click the Save changes button to complete the mapping process.
Configure OIDC settings
Register these basic configuration settings in your OIDC provider’s application settings.
- Redirect URI / callback URL (required)
- Allowed origins
  - Check with your OIDC provider if this is required.
    Example: https://www.example.net
- Public key
  - If you are using the recommended private_key_jwt authentication method described in Client authentication method options, you need to register the public key from the same key pair as the private key entered in Squiz DXP Console.
  - The format will look similar to:

        -----BEGIN PUBLIC KEY-----
        MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3...
        [multiple lines]
        ...aBcD==
        -----END PUBLIC KEY-----

  - Specify the signing algorithm RS256 if your provider asks for it.
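One way to confirm, before registering the public key, that it comes from the same key pair as the private key entered in Squiz DXP Console and that the key is RSA, as RS256 requires. This is an added example, not Squiz code; it assumes the `openssl` CLI is installed, and the function names, file names and throwaway keys are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Squiz code). Function and file names are assumptions.
# Requires the openssl CLI. Keys are assumed to be unencrypted PEM files.

# Print the SHA-256 of a key's DER-encoded SubjectPublicKeyInfo.
# $1 = PEM file, $2 = "private" or "public". Returns 2 if the file cannot be parsed.
spki_fingerprint() {
    local der
    der=$(mktemp) || return 2
    if [ "$2" = private ]; then
        openssl pkey -in "$1" -pubout -outform DER -out "$der" 2>/dev/null
    else
        openssl pkey -pubin -in "$1" -pubout -outform DER -out "$der" 2>/dev/null
    fi || { rm -f "$der"; return 2; }
    openssl dgst -sha256 -r "$der" | cut -d' ' -f1
    rm -f "$der"
}

# RS256 signs with RSA, so reject EC or other key types up front.
is_rsa_private_key() {
    openssl rsa -in "$1" -noout 2>/dev/null
}

# $1 = private key PEM, $2 = public key PEM.
# 0 = same key pair, 1 = different keys, 2 = unreadable file, 3 = not RSA.
keypair_matches() {
    local priv_fp pub_fp
    priv_fp=$(spki_fingerprint "$1" private) || return 2
    pub_fp=$(spki_fingerprint "$2" public) || return 2
    is_rsa_private_key "$1" || return 3
    [ "$priv_fp" = "$pub_fp" ]
}

# Constructed demo with throwaway keys: pair A matches itself, not B's public key.
demo() {
    local d k
    d=$(mktemp -d) || return 2
    for k in a b; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/$k.pem" 2>/dev/null
        openssl pkey -in "$d/$k.pem" -pubout -out "$d/$k.pub.pem"
    done
    keypair_matches "$d/a.pem" "$d/a.pub.pem"; echo "a.pem vs a.pub.pem -> $?"
    keypair_matches "$d/a.pem" "$d/b.pub.pem"; echo "a.pem vs b.pub.pem -> $?"
    rm -rf "$d"
}
demo
```

A non-zero result from `keypair_matches` means the provider would be unable to verify the client assertion signed by the private key held in Squiz DXP Console, so resolve it before testing sign-in.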
Next steps
Thoroughly test the integration between the OIDC provider and your portal.
The most common cause of authentication issues is OIDC misconfiguration, so double-check the settings on both the Squiz DXP and the OIDC identity provider sides carefully before requesting support.