SSO Setup Documentation
Overview
This guide covers the setup process for Single Sign-On (SSO) using the OpenID Connect (OIDC) protocol. The configuration involves two main phases: providing information to your SSO provider and obtaining configuration details from your provider.
Setup Process
Step 1: Configure OAuth Application with Your SSO Provider
- Log into your SSO provider's admin console
- Create a new OAuth/OIDC application
- Configure the application with:
  - Redirect URI: https://app.tildei.com/auth/oidc/callback
  - Scopes: Include at minimum profile and email (SSO providers may also have the oidc scope)
  - Client Type: This varies by provider, but it is usually similar to Confidential (server-side application). We want to enable an Authorization Code Flow with PKCE (if available). Reach out to your Tildei team if you have any questions!
- Save the configuration and note the generated Client ID and Client Secret
Step 2: Gather OIDC Configuration Details
From your SSO provider, collect:
- Configuration URL (/.well-known/openid-configuration endpoint)
- Issuer URL
- Authorization Endpoint
- Token Endpoint
- JWKS URI
- User Info Endpoint
Some providers don’t show all of these values, and that’s okay - your Tildei team can work with you to get the information from the Configuration URL or Issuer URL.
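A sanity check you can run over the JSON document returned by the Configuration URL before passing the values on, as an added example (not Tildei's or your provider's code). The function name `check_discovery`, the host `idp.example.com` and both sample documents are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Step 2 values under their OIDC discovery metadata names.
ENDPOINT_FIELDS = ("authorization_endpoint", "token_endpoint", "jwks_uri", "userinfo_endpoint")

def check_discovery(doc, expected_issuer, wanted_scopes=("profile", "email")):
    """Return a list of findings; an empty list means nothing to follow up on."""
    findings = []
    # Exact string match: a trailing slash or a different host is a different issuer.
    if doc.get("issuer") != expected_issuer:
        findings.append(f"issuer mismatch: {doc.get('issuer')!r}")
    for field in ENDPOINT_FIELDS:
        value = doc.get(field)
        if not value:
            findings.append(f"missing {field}")
        elif urlsplit(value).scheme != "https" or not urlsplit(value).hostname:
            findings.append(f"{field} is not an https URL")
    if "code" not in doc.get("response_types_supported", []):
        findings.append("response type 'code' not advertised")
    # Providers may support PKCE without advertising it, so treat this as a prompt to ask.
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        findings.append("PKCE method S256 not advertised")
    advertised = doc.get("scopes_supported")
    if advertised is not None:  # optional metadata; only check it when present
        findings += [f"scope {s!r} not advertised" for s in wanted_scopes if s not in advertised]
    return findings

# Constructed sample documents; idp.example.com is a placeholder, not a real provider.
GOOD = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/authorize",
  "token_endpoint": "https://idp.example.com/token",
  "jwks_uri": "https://idp.example.com/jwks",
  "userinfo_endpoint": "https://idp.example.com/userinfo",
  "response_types_supported": ["code"],
  "code_challenge_methods_supported": ["S256"],
  "scopes_supported": ["openid", "profile", "email"]
}""")
# Constructed bad variant: trailing-slash issuer, plain-http token endpoint,
# no JWKS URI, no PKCE metadata and no email scope.
BAD = dict(GOOD, issuer="https://idp.example.com/", token_endpoint="http://idp.example.com/token",
           jwks_uri=None, scopes_supported=["openid", "profile"])
del BAD["code_challenge_methods_supported"]

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(doc, "https://idp.example.com") or "ok")
```

Any finding is a question to raise with your provider or your Tildei team rather than a hard failure, since some of this metadata is optional.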
Step 3: Complete the SSO Configuration
Work with your Tildei team to set up the Identity Provider for your account, including: