Implement OIDC using Tesseral
This article explains how you can implement OpenID Connect (OIDC) authentication in your app using Tesseral.
Sign up for Tesseral
If you haven’t already, follow the Quickstart Guide to set up your Tesseral Project.
Enable OIDC on your Project
Go to the Authentication page in the Tesseral Console and click on Configure Enterprise Settings. Then enable Log in with OIDC. Click Save changes.
Enable OIDC for an Organization
By default, Organizations don’t have OIDC enabled. You must enable OIDC for an Organization in the Tesseral Console.
To enable OIDC for your customer, go to the Organizations page in the Tesseral Console, select the Organization you’d like to enable OIDC for and go to the Authentication tab.
In the SSO section, enable Log in with OIDC. You will also need to provide at least one Allowed Domain for users of the Organization to log in with OIDC.
Advanced Configuration
Setting up OIDC on your customer’s behalf
The OIDC protocol requires configuration on your customer’s end. When you enable OIDC for an Organization, your customers will be able to configure OIDC themselves.
You can also configure OIDC on your customer’s behalf. To do this, you will need three pieces of information from your customer:
- A Configuration URL
- A Client ID
- A Client Secret
From there, you can go into an Organization’s Authentication tab in the Tesseral Console, and click on Create OIDC Connection. Input the three pieces of information.
Your customer will need one piece of information from you:
- A Redirect URL
In the Tesseral Console, you can copy this value from the Service Provider Details section on your newly created OIDC Connection. Your customer will need to enter it into their provider.
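Before entering a customer-supplied Configuration URL, it is worth checking that it is consistent with the metadata it serves. The following is an added example, not Tesseral code: it assumes the Configuration URL is the provider's OIDC discovery document URL and that you have already downloaded the JSON it returns. The function name, hostnames and sample documents are constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def is_https(url):
    """True only for a string URL with the https scheme and a hostname."""
    if not isinstance(url, str):
        return False
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)


def check_oidc_configuration(configuration_url, discovery_doc):
    """Return a list of problems; an empty list means the inputs are consistent."""
    problems = []
    if not is_https(configuration_url):
        problems.append("Configuration URL is not an https URL")
    if not configuration_url.endswith(WELL_KNOWN):
        problems.append("Configuration URL does not end in " + WELL_KNOWN)
    else:
        # OpenID Connect Discovery 1.0: the issuer in the document must be
        # exactly the URL the well-known path was appended to.
        expected = configuration_url[: -len(WELL_KNOWN)]
        issuer = discovery_doc.get("issuer")
        if issuer != expected:
            problems.append(f"issuer {issuer!r} does not match {expected!r}")
    for key in REQUIRED_ENDPOINTS:
        if not is_https(discovery_doc.get(key)):
            problems.append(f"{key} is missing or not https")
    return problems


# Constructed sample data (hypothetical customer provider).
GOOD_URL = "https://idp.customer.example" + WELL_KNOWN
GOOD_DOC = {
    "issuer": "https://idp.customer.example",
    "authorization_endpoint": "https://idp.customer.example/authorize",
    "token_endpoint": "https://idp.customer.example/token",
    "jwks_uri": "https://idp.customer.example/jwks.json",
}
# Same document, but with a mismatched issuer and a plaintext key endpoint.
BAD_DOC = dict(GOOD_DOC, issuer="https://idp.other.example",
               jwks_uri="http://idp.customer.example/jwks.json")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_oidc_configuration(GOOD_URL, doc))
```

An issuer mismatch or a non-https endpoint is a reason to go back to the customer for the correct URL before creating the OIDC Connection.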