OpenID Connect
The fulfillmenttools platform supports the OpenID Connect (OIDC) Protocol to support external IDPs.
General documentation regarding OIDC can be found on the official OpenID Connect documentation. The OpenID Connect Protocol is generally supported by all major IDPs like Microsoft Entra ID (former Azure Active Directory / AD), Auth0, Keycloak, etc.
All of the IDPs have in common that you need to create an OAuth Application which results in the following the data/credentials that you need to supply to the fulfillmentools platform:
clientIdclientSecretissuerUrladditional information might be required (these have to be extracted from your IDP's documentation)
Furthermore, you must configure groups and roles to enrich the auth token with role and group information. See the child pages for a step-by-step guide for choosing IDPs.
Configure OIDC within fulfillmenttools
More OIDC-API information can be found here: REST API documentation - OIDC
To register an OIDC provider to the fulfillmenttools platform, you just need to execute the following REST API call:
Some IDP vendors need customParameters to make SSO work. See your IDP vendor's documentation for details.
Custom Parameters for Microsoft Entra ID / Azure Active Directory
Add this custom parameter in case you are using a Microsoft Entra ID / Azure Active Directory IDP to make sure that only users of your tenant can log in:
Mapping roles to fulfillmenttools facilities
We utilize the groups feature of your IDP to map users to facilities. In the OIDC configuration, you can also provide assignedGroups. There you give a mapping from your IDP groupIds to fulfillmenttools facilityRefs:
Last updated