GDPR and security
      Back to home
      1. Help Center
      2. GDPR and security

      SSO via OIDC (OpenID Connect)

      What is OpenID Connect, how does it work and why is it used?

      In this article, we'll introduce you to SSO via the OIDC (OpenID Connect) protocol, how it works at Beetween and the benefits of using it.

      What is SSO via OIDC?


      SSO via OIDC is a connection mode that authenticates a user to an identity provider (Google, Microsoft...) via OpenID Connect (OIDC), an identification layer based on OAuth 2.0, an authorization protocol. OIDC is a standard managed by the OpenID Foundation.

      How does OpenID Connect work?


      As mentioned above, OpenID Connect uses the OAuth protocol, which works as follows:

      1. The user goes to the Beetween login page;
      2. He chooses “Connect with...”, i.e. via SSO, and fills in his credentials corresponding to the identity provider;
      3. A request is then sent to the identity provider;
      4. The identity provider authenticates the user and authorizes him to connect;
      5. Beetween uses the URL to retrieve user information (/userinfo);

      6. Beetween uses the information in this URL to check that the user is known (the user's SSO login must have been correctly entered when the Beetween account was created);

      7. The user is connected to Beetween.

       

      📌 OpenID Connect retrieves the user's e-mail address directly from the identity provider.


      Of course, for an SSO connection to work, the identity provider must have been declared to Beetween beforehand, so that the software can recognize the identifiers used. You'll also need to provide us with the configuration URL.

      Why use OpenID Connect?


      OpenID Connect enables you to retrieve reliable information about users who are trying to log in, and thus identify them formally. With OIDC, password storage and management is no longer necessary.

      OpenID Connect can also support personal data encryption and automatic session logout, for example. It guarantees security and privacy.

      Prerequisites and requirements

      Items to be supplied :

      • Link to your OIDC “Discovery Document”; also known as a “well-known endpoint”.

      Items to configure on your side :

      • The “userinfo” endpoint must contain the “email” claim so that Beetween can associate it with an SSO login.
      • You must configure the following redirect URIs on the client associated with Beetween so that your identity provider authorizes Beetween to send authentication requests:
        • https://software11.beetween.com/*
        • https://software12.beetween.com/*
        • https://app.beetween.com/*

      🚀 To go further…


      The process used for authentication is implicit flow, which will evolve in the future. Beetween does not use scope.

      💡 Would you like to find out more about OpenID Connect? You can consult the OpenID Foundation's online documentation.