OAuth2 / OpenID Connect Authentication
The OAuth2 / OpenID Connect authentication offers the possibility to log into i-net PDFC without entering user data, in particular the password.
The following OAuth2 and OpenID provider are currently supported:
- Microsoft ADFS Authentication
- Apple Authentication
- Facebook Authentication
- Google Authentication
- GitHub Authentication
- Microsoft Azure AD / Entra ID Authentication
- OpenID Authentication
If you need any other OAuth 2.0 or OpenID Connect provider then they can easily be added. If you need a public available provider please contact the support of i-net PDFC. If you want to use a private provider you can add it with a custom plugin.
Provider that use the outdated protocols OAuth 1.0 and OpenID 2.0 are not supported.
Note: Using OAuth authentication in conjunction with the SameSite
cookie attribute either requires the value Lax
or that the OAuth provider URLs are added to the Allowed Cross Origins
Groups and Roles
OAuth2 authentication does not support groups and roles out of the box. However, some provider are capable of returning this information using custom claims - which is additional information that can be obtained during the authentication process. These claims can contain one or more groups / roles.
The configuration of claims heavily depends on the OpenID Provider and has to be set up manually using the OpenId providers documentation.
The following claim keywords can be used: role
, roles
, group
, groups