How can we help you today?

Menu

    OrangeHRM OpenID Authentication

    Avatar
    OrangeHRM Administrator
    • Updated
    Follow

    Step 1: Prerequisites

    • Access to OrangeHRM: You should have administrative access to your OrangeHRM instance.
    • OpenID Connect Provider: Choose an OpenID Connect provider that supports the OpenID Connect protocol. Examples include Auth0, Okta, Google Identity Platform, or your own OIDC-compliant server.

    Step 2: Configure OpenID Connect Provider

    • Create a New OIDC Application:
      • Log in to your OpenID Connect provider's admin console.
      • Create a new application or client.
      • Note down the following details:
        • Client ID
        • Client Secret
        • Authorization Endpoint URL
        • Token Endpoint URL
        • User Info Endpoint URL
        • Redirect URI (Callback URL)
    • Configure Scopes and Claims:
      • Define the necessary OpenID Connect scopes and claims required for user authentication and authorization.
    • Download Provider Metadata:
      • Download the OpenID Connect provider's metadata file if available. This file typically contains important configuration details.

    Step 3: Configure OrangeHRM

    • Access OrangeHRM:
      • Log in to your OrangeHRM instance as an administrator.
    • Navigate to OpenID Connect Settings:
      • Go to Admin > Authentication > OpenID Connect.
    • Enable OpenID Connect:
      • Toggle the OpenID Connect switch to enable it.
    • Configure OpenID Connect Settings:
      • Enter the following information:
        • Client ID: Enter the Client ID obtained from your OpenID Connect provider.
        • Client Secret: Enter the Client Secret obtained from your OpenID Connect provider.
        • Issuer URL: Enter the issuer URL of your OpenID Connect provider.
        • Authorization Endpoint URL: Enter the Authorization Endpoint URL from your OpenID Connect provider.
        • Token Endpoint URL: Enter the Token Endpoint URL from your OpenID Connect provider.
        • User Info Endpoint URL: Enter the User Info Endpoint URL from your OpenID Connect provider.
        • Redirect URI (Callback URL): Enter the Redirect URI obtained from your OpenID Connect provider.
    • Map OIDC Attributes:
      • Map OrangeHRM fields to the corresponding attributes from your OpenID Connect provider (e.g., map email, username).
    • Save Settings:
      • Click "Save" to apply the OpenID Connect settings.
    • Test the Configuration:
      • Log out of OrangeHRM and try logging in again using the OpenID Connect option.

    Step 4: Additional Configuration (Optional)

    • User Role Mapping:
      • Configure user role mapping between OrangeHRM roles and OpenID Connect groups/roles.
    • Attribute Mapping:
      • Map additional attributes if needed, such as first name, last name, or custom fields.

    Step 5: Troubleshooting

    • Logs:
      • Check logs in OrangeHRM for any error messages related to the OpenID Connect configuration.
    • Credentials:
      • Double-check that the Client ID, Client Secret, and other details in OrangeHRM match the credentials obtained from the OpenID Connect provider.
    • Redirect URI:
      • Ensure that the Redirect URI in OrangeHRM matches the one configured in your OpenID Connect provider.
    • Scopes and Claims:
      • Confirm that the required OpenID Connect scopes and claims are correctly configured in both OrangeHRM and the provider.

    Related articles