Setting up SSO with OpenID Connect
The Single Sign On (SSO) feature allows multiple people at your company to securely log into and administer your DN network, using your OpenID Connect (OIDC) identity provider. This means that there is no separate password for them to manage, and onboarding/offboarding employees is a snap. You can also limit the group of people who have access to DN directly in your identity provider. This guide will walk through the process of setting up SSO in DN.
To use the SSO feature of Defined Networking you will need:
- The ability to create a new application in your OIDC Identity Provider (IDP)
- A Defined Networking account
While administrators authenticating with SSO are able to perform most actions, they are unable to modify the account’s SSO configuration. For this, you will need to log in with a magic link and TOTP authenticator as you do today.
Ready to set up SSO on your account? Let’s get started!
First, login to your Defined Networking account and navigate to the Single Sign-On page.
Next, login to your identity provider and create a new OIDC application. Begin configuration by copying the Sign-in Redirect URL from the Single Sign-On page of the Defined Networking admin panel to your identity provider. If asked to specify a grant type, choose “Authorization Code.” You may also need to explicitly allow the “email” OIDC scope. The screenshot below is an example of what this might look like within your IDP, though each provider will differ.
Once your application is created you’ll need to find three pieces of information from within your identity provider and copy them into the configuration page of your Defined Networking admin panel: Client ID, Client Secret, and the Issuer URL.
Now click “Save” and if everything was entered correctly you will see your new OIDC provider enabled and ready to accept logins!
To verify your setup, find the Sign-on URL listed at the top of the page, paste it into your browser and complete the sign-in. After landing back in your Defined Networking account you will be able to see the authentication in your logs, just like any other authentication!
Congratulations on configuring SSO for your DN network!