Drindal can integrate with any OpenID Connect (OIDC) identity provider (IdP) for single sign-on. Generally, they are all configured the same way. First, you set up Drindal as an app in your IdP and enable it for your users. Then you configure Drindal to use your IdP for login by entering a few pieces of information provided by your IdP.
Drindal only supports Service Provider (SP) initiated login, meaning you start login from the Drindal app. IdP-initiated login, where you start login from your IdP, is not supported.
Provider specifics you'll need for configuring SSO in Drindal are as follows:
Google differs from most IdPs because, whereas other IdPs have a server configuration and user pool per customer, Google is one giant pool of users. This translates to a slightly simpler setup in Drindal because there are fewer details specific to your account. Note: Because Google is one big user pool, you'll need to set up users manually in Drindal. Drindal can't auto-provision users in this case because even if a user is authenticated by Google, that doesn't mean they should have access to your Drindal account.
Org Name | The domain of your organization. This must be a domain you have DNS control over. |
Provider |
Org Name | The domain of your organization. This must be a domain you have DNS control over. |
Provider | Custom |
Create Users | Check this if you want Drindal to automatically create user accounts for new authenticated users. |
Client Id | Copy and paste this from your IdP. |
Client Secret | Optional. Copy and paste this from your IdP if you enable a secret for Drindal there. |
Issuer URL | Drindal will automatically discover the remaining details it needs by using the issuer URL provided by your IdP. Your IdP may provide this clearly as an "Issuer URL", or it may give you a link for "meta data" or "dynamic configuration". The URL might look something like https://123456789.okta.com/.well-known/openid-configuration. In this example, you just need to enter https://123456789.okta.com for the issuer URL in Drindal. |
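
The relationship between a discovery link and the issuer URL described in the table above, as an added example (not Drindal's own code): it derives the issuer from either form and checks a discovery document against it before the value is trusted. The metadata dictionary and its endpoint paths are constructed sample values, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields that OpenID Connect Discovery 1.0 marks as REQUIRED in the document.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

# Constructed sample document; the endpoint paths are illustrative only.
ISSUER = "https://123456789.okta.com"
SAMPLE = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}


def issuer_from_url(url):
    """Accept an issuer URL or a discovery-document link; return the issuer."""
    url = url.strip()
    if url.endswith(WELL_KNOWN):
        url = url[: -len(WELL_KNOWN)]
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("issuer must be an https URL with a host")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not contain a query or fragment")
    return url


def check_discovery(issuer, metadata):
    """Return a list of problems found in an already-fetched discovery document."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in metadata]
    # The comparison is exact: a document served for one issuer but naming
    # another (or differing only by a trailing slash) is reported.
    if metadata.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {metadata.get('issuer')!r} != {issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = metadata.get(key)
        if value is not None and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    return problems
```

If the check reports an issuer mismatch that differs only by a trailing slash, enter the issuer exactly as it appears in the `issuer` field of your IdP's discovery document.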