CloudBeaver Documentation

DOWNLOAD pdf

OpenID

Note: This feature is available in Enterprise, AWS, Team editions only.

Overview

OpenID is an authentication protocol that allows users to authenticate by leveraging their existing identities from an OpenID provider. OpenID is designed for integration with third-party services, making all Identity Providers (IdPs) inherently built for integration with external services. While popular providers like Google can be utilized through OpenID, the protocol is particularly beneficial for custom, specific, or self-hosted identity providers.

For more comprehensive details on this authentication method, you can refer to the official site.

Configuration steps

Step 1: Enabling OpenID Authentication

  1. As an administrator, go to Settings -> Server Configuration.

  2. Find the OpenID option in the Authentication Settings section and activate this setting to enable OpenID authentication.

  3. Save the changes.

Step 2: Adding an Identity Provider

  1. As an administrator, navigate to Settings -> Identity Providers.

  2. Click on the + Add button.

  3. Fill in the following fields:

    Field Description
    Provider Select OpenID from the dropdown menu.
    ID Enter a unique identifier for the configuration.
    Configuration name Enter a descriptive name for this configuration.
    Description Provide a brief description of this identity provider configuration.
    Icon URL Enter the URL of an icon to represent this provider.
    Disabled Leave unchecked to enable this identity provider.
    Client ID The client identifier provided by the OpenID Connect provider.
    Client Secret A secret key associated with the client ID for authentication.
    IDP auth endpoint URL The endpoint for initiating the authentication process.
    IDP token endpoint URL The endpoint for obtaining access and refresh tokens.

    Note: The values for the Client ID, Client Secret, IDP auth endpoint URL, and IDP token endpoint URL depend on the specific OpenID Connect provider being used.

  4. Click on the Create button.

  5. Copy Redirect and Sign out Links:

    1. Enter the newly created identity provider.
    2. Copy the Redirect link and the Sign out link.
  6. Update Redirect URIs in your service.

Step 3: Logging in

  1. With the OpenID configuration now established, proceed to the login screen.

  2. Select the Federated authentication method, labeled with the Configuration name you specified.

  3. Clicking on this authentication method will redirect you to your OpenID provider's sign-in page.

  4. After successfully authenticating with your OpenID provider, you will be automatically redirected and logged into CloudBeaver.