Identity provider

Production deployments of Elimity Insights should rely on an identity provider for authentication of user accounts. We implement single sign-on (SSO) using the OpenID Connect (OIDC) protocol, both Entra ID and Google Workspace support this. More specifically, use the following Elimity Insights server configuration options to set up SSO: EnableOIDCAuthentication, OIDCClientID, OIDCClientSecret and OIDCProvider. Refer to our dedicated documentation for additional details. The following sections provide more information about setting up SSO in Entra ID and Google workspace.

Entra ID

1. Creating an app registration

Elimity Insights authenticates as an Entra ID enterprise application. Create a new app registration in Entra ID by following these steps:

1. Register a new application ('App registrations' > 'New registration')

   1. Name: e.g. elimity-insights

   2. Redirect URI platform: 'Web'

   3. Redirect URI value: https://{host}/api/oidc/callback, e.g. https://example.elimity.com/api/oidc/callback

   4. Click 'Register'

   5. Note down the new registration's application ID and directory ID

2. Generate a client secret for the app registration ('Certificates & secrets' > 'Client secrets' > 'New client secret') and securely note down the secret value.

2. Configuring Elimity Insights

Having created a new app registration, you can now set the following configuration options for the Elimity Insights server:

Google Workspace

1. Creating an OAuth2 client

Follow the steps outlined in Google's official documentation to create an OAuth2 client. Make sure you choose 'Web application' for the application type and add https://{host}/api/oidc/callback as an authorized redirect URI, replacing {host} your Elimity Insights server host. Note down the resulting client ID and secret.

2. Configuring Elimity Insights

Having created a new app registration, you can now set the following configuration options for the Elimity Insights server: