Using OpenID with PheedLoop

Please note: This feature is best reviewed with a direct contact from our sales or customer team. Before proceeding, please reach out to us for validation and guidance.

OpenID Connect (OIDC) allows your organization to use its own OIDC-based SSO provider to log users in to PheedLoop.

Step 1 - Configure PheedLoop as new SSO client

As your team sets up your OIDC provider, you will need the following items before you can connect it to PheedLoop. Most of them only become available once you create an SSO Client Application for PheedLoop.

  • Logo: A JPG or PNG copy of your organization logo (preferably a square logo with a transparent background)
  • Client ID: Provided by the OIDC Provider
  • Client secret: Provided by the OIDC Provider
  • Authorize Endpoint: Provided by the OIDC Provider
  • Token Endpoint: Provided by the OIDC Provider
  • User Info Endpoint: Provided by the OIDC Provider

Step 2 - Whitelist these URLs with your OIDC Provider

There are two URLs that need to be whitelisted by your OIDC provider.

Please note, issues may arise if these two URLs are not whitelisted.

Step 3 - Connecting OpenID to PheedLoop

  1. From the Event Dashboard, select your email on the top right corner and select Settings
  2. Navigate to Integrations
  3. Scroll down to Single Sign On Integrations and under OpenID Connect, select Configure New Provider
  4. Under the OIDC Integration Name field, enter the name of your SSO integration
    1. Please note, this name will appear on the login screen for users. This field is open text and can include messages along with your organization name.
  5. Under the Logo field, upload a logo for your SSO integration
    1. Please note, the logo will appear on the login screen for users.
  6. Under the Client ID field, enter the Client ID for your SSO integration
  7. Under the Client Secret field, enter the Client Secret for your SSO integration
  8. Under the Authorization Token Endpoint field, enter the Authorization Token Endpoint for your SSO integration
  9. Under the Token Endpoint field, enter the Token Endpoint for your SSO integration
  10. Under the User Info Endpoint field, enter the User Info Endpoint for your SSO integration
  11. Do not edit the Scope field unless instructed to do so by your OIDC provider
    1. By default, this field should be left as openid profile email
  12. Do not edit the Client Authentication Method field unless instructed to do so by your OIDC provider
    1. By default, this field should be left as Client Secret Post

User Info Field Mappings

In addition to the standard configuration settings for SSOs, there is an additional section titled User Info Field Mappings. This section goes over the differences between the information fields used by your SSO provider and the fields used by PheedLoop. For example, your SSO provider may list a different First Name and Last Name field than what is used by PheedLoop.

To ensure the fields match what is used by your SSO provider, you will need to configure the fields manually under this section.

Please note, the User Info Fields only take effect when the user has logged in with the SSO provider. If the user logs in normally with a PheedLoop account, the settings will not take effect.

  1. Under Email Field, enter the field title to represent the user email address
    1. By default, this field is Email.
  2. Under First Name Field, enter the field title to represent the user’s first name
    1. By default, this field is given_name.
  3. Under Last Name Field, enter the field title to represent the user’s last name
    1. By default, this field is family_name.
  4. Under the Internal Code Field, enter the field title that represents the internal code, used to record each user's member identification from their OIDC provider
    1. By default, this field is sub.
  5. Select Save Changes
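
Before saving, it helps to compare the mapping against what your provider's User Info Endpoint actually returns. The following is an added example, not PheedLoop code: `check_mappings`, the sample response and the sample mapping are all hypothetical. It assumes claim names are matched exactly (JSON keys are case-sensitive), so a case-only difference is reported for you to verify.

```python
# Hypothetical pre-flight check for User Info Field Mappings (not PheedLoop code).

# Scope that releases each standard claim (OpenID Connect Core, section 5.4).
CLAIM_SCOPE = {
    "sub": "openid",
    "email": "email",
    "given_name": "profile",
    "family_name": "profile",
    "name": "profile",
}

def check_mappings(mappings, userinfo, scope="openid profile email"):
    """Return a list of (field, problem) tuples; an empty list means OK."""
    granted = set(scope.split())
    lowered = {key.lower(): key for key in userinfo}
    problems = []
    for field, claim in mappings.items():
        needed = CLAIM_SCOPE.get(claim)
        if needed and needed not in granted:
            # Standard claim whose scope is not requested: it will not be sent.
            problems.append((field, f"claim '{claim}' needs scope '{needed}'"))
        elif claim in userinfo:
            if userinfo[claim] in (None, ""):
                problems.append((field, f"claim '{claim}' is empty"))
        elif claim.lower() in lowered:
            actual = lowered[claim.lower()]
            problems.append(
                (field, f"case mismatch: mapped '{claim}', provider sends '{actual}'"))
        else:
            problems.append((field, f"claim '{claim}' not in userinfo response"))
    return problems

# Constructed sample: a provider that uses non-default name claims.
SAMPLE_USERINFO = {
    "sub": "a1b2c3",
    "email": "pat@example.org",
    "firstName": "Pat",
    "lastName": "",
}

# Constructed sample: values as they might be typed into the four mapping fields.
SAMPLE_MAPPINGS = {
    "Email Field": "Email",
    "First Name Field": "given_name",
    "Last Name Field": "lastName",
    "Internal Code Field": "sub",
}

if __name__ == "__main__":
    for field, problem in check_mappings(SAMPLE_MAPPINGS, SAMPLE_USERINFO):
        print(f"{field}: {problem}")
```
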

Step 4 - Enabling SSO During Login

Now that your OIDC provider is connected to PheedLoop, you can choose where Single Sign-On (SSO) will be available as a login option. All portals can be configured to allow or restrict SSO logins. For instructions on which areas can enable SSO login, please refer to our Configuring your Single Sign-On Provider with PheedLoop article.

Step 5 - How do I test OIDC?

You can test your OIDC provider on any portal where you have enabled it as an authentication option. Simply select your OIDC provider on the login page and navigate through the login process. Once complete, you should now be logged in with your OIDC account.

Disconnecting OpenID Connect from PheedLoop

  1. From the Event Dashboard, select your email on the top right corner and select Settings
  2. Navigate to Integrations
  3. Scroll down to Single Sign On Integrations and under your created SSO provider, select Connected
  4. Select Delete Integration
