fulfillmenttools
API documentationIncident ManagementFeedback
Developer Docs
Developer Docs
  • Developer docs
  • Getting Started
    • Quickstart
    • Integration tutorial
      • Adding facilities
      • Adding listings to facilities
      • Configuring stocks
      • Carrier configuration
      • Placing orders
      • Checkout options
      • Distributed Order Management System (Routing)
      • Local fulfillment configuration
    • Free trial
  • Technical Basics
    • Access to fulfillmenttools
    • Feature status
    • Available regions
    • Backup policies
  • Connecting to fulfillmenttools
    • Client SDKs
    • commercetools connect
    • OpenID connect
      • Configure Microsoft Entra ID / Azure Active Directory
      • Configure Keycloak
  • API
    • Core concepts
      • Authentication & authorization
      • API Versioning & lifecycle
      • Assign user to jobs
      • Localization
      • Resource timestamps
      • Custom attributes
      • Article attributes
      • Recordable attributes
      • Data update guarantees
      • Rate limits & scaling
      • Retries
      • Performance on test vs. production systems
      • Load testing
    • API calls
      • Postman
      • cURL
      • GraphQL Explorer
    • GraphQL API
    • RESTful API
      • Pagination interface
      • RapiDoc
      • OpenAPI 3.0 Spec
    • Eventing
      • Structure of an event
      • Available events
        • Event flows
      • Eventing example
      • Event export
  • Integration Guides
    • Basics
      • Article categories
      • Audits
      • Facilities
      • Facility groups
      • GDPR configuration
      • Listings
      • Remote configuration
      • Receipts
      • Search
      • Subscribe to events
      • Sticker
      • Stocks
      • Storage locations
      • Tags
      • Users
    • Channel inventory
    • Inbound process
    • Outbound stocks
    • Purchase order
    • Receipt
    • Routing strategy (context-based multi-config DOMS)
    • Show sticker to clients
    • Stow jobs
  • More Integration Guides
    • Carrier management
      • Introduction to carrier configuration
      • Required data when operating carriers
      • Adding & connecting carriers to facilities
      • Custom carrier
    • Configurations for order fulfillment
      • Picking configuration
      • Packing configuration
      • Handover configuration
      • Printing and document configuration
      • Packing container types
      • Parcel tag configuration
      • Headless order fulfillment
      • Short-pick reasons
      • External documents in order fulfillment
      • Service jobs
      • Load units
      • Running sequence
    • DOMS - distributed order management system (routing)
    • External actions
    • Interfacility transfer
    • Notifications
    • Orders
      • Place your first order
      • Ship-from-store orders
      • Click-and-collect orders
      • Locked orders
      • Order with custom services
      • Bundled items in an order
      • Order process status
    • Availability & promising
    • Returns
Powered by GitBook
On this page
  • Configure OIDC within fulfillmenttools
  • Mapping roles to fulfillmenttools facilities
Edit on GitHub
  1. Connecting to fulfillmenttools

OpenID connect

Last updated 2 months ago

The fulfillmenttools platform supports the OpenID Connect (OIDC) Protocol to support external Identity Providers (IdPs).

General documentation regarding OIDC can be found on the official . The OpenID Connect Protocol is generally supported by all major IdPs like Microsoft Entra ID (former Azure Active Directory / AD), Auth0, Keycloak, etc.

All IdPs require to create an OAuth Application which results in the following the data/credentials that must be supplied to the fulfillmentools platform:

  • clientId

  • clientSecret

  • issuerUrl

  • additional information might be required (these have to be extracted from the individual IdP's documentation)

Furthermore, configure groups and roles to enrich the auth token with role and group information. See the child pages for a step-by-step guide for an IdP.

Configure OIDC within fulfillmenttools

More OIDC-API information can be found here:

To register an OIDC provider to the fulfillmenttools platform, perform the following REST API call:

POST https://{TENANT-NAME}.api.fulfillmenttools.com/api/configurations/oidcproviders
{
    "name": "My Provider",
    "status": "ACTIVE",
    "clientId": "my client id",
    "clientSecret": "my client secret",
    "issuer": "https://my-oidc-issuer.com",
    "customParameters": [],
    "assignedGroups": []
}

Some IdP vendors need customParameters to make SSO work. Consult the individual documentation of the IdP vendor for details.

Mapping roles to fulfillmenttools facilities

fulfillmenttools utilizes the groups feature of IdPs to map users to facilities. In the OIDC configuration of the fulfillmenttools platform these groups can be mapped to fulfillmenttools facilities ( assignedGroups). There is a mapping from the IdP groupIds to fulfillmenttools facilityRefs:

{
    ...
    "assignedGroups": [
        {
            "group": "idp-group-id",
            "facilityRefs": [
                "fft-facility-id"
            ]
        }
    ]
}
OpenID Connect documentation
REST API documentation - OIDC