OpenID Connect (OIDC)

To set up a third-party identity provider (IdP) to enable SSO into CPM, the following information will be required:

  • An Issuer URL
  • A Client ID

How these are obtained depends on your IdP, so you should refer to its documentation.

You may need a callback URL when configuring SSO on your side. The URL depends on the environment:

  • If you are integrating with a sandbox DataGuard CPM tenant, use this URL:
    https://sandbox-consentric.eu.auth0.com/login/callback
  • If you are integrating with a production DataGuard CPM tenant in the UK, use this URL:
    https://consentric.eu.auth0.com/login/callback
  • If you are integrating with a production DataGuard CPM tenant in the EU, use this URL:
    https://dgconsentde.eu.auth0.com/login/callback

Authorisation

Once the SSO has been set up, you will need to configure custom Roles to authorise your users. The Roles should be collected into an array of strings and inserted into the ID Token as the following custom claim: https://consentric:io/roles (yes, that is a colon, not a dot). The supported roles are:

["DG_Permissions_Agent", "DG_Permissions_Admin"]

The roles permit users to do different things in the UI:

  • DG_Permissions_Agent: Allows the user to see information about any citizen stored in the CPM instance.
  • DG_Permissions_Admin: Allows the user to configure the CPM instance.
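
To check that your IdP emits the roles claim in the shape described above, the following added example (not DataGuard's code) inspects the payload of a test ID Token for the claim name, type and role values. It does not verify the signature, so it is only for inspecting your own test tokens during setup; the function names, the DOTTED_TYPO constant and the sample tokens are assumptions constructed for the example.

```python
import base64
import json

ROLES_CLAIM = "https://consentric:io/roles"   # colon, not a dot (from the page)
DOTTED_TYPO = "https://consentric.io/roles"   # assumed common misspelling to detect
SUPPORTED_ROLES = {"DG_Permissions_Agent", "DG_Permissions_Admin"}


def decode_payload(id_token: str) -> dict:
    """Decode the JWT payload segment. No signature check: inspection only."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    segment = parts[1]
    padded = segment + "=" * (-len(segment) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def check_roles_claim(payload: dict) -> list:
    """Return a list of problems with the roles claim; empty means it looks right."""
    if ROLES_CLAIM not in payload:
        if DOTTED_TYPO in payload:
            return ["claim uses a dot; expected " + ROLES_CLAIM]
        return ["missing claim " + ROLES_CLAIM]
    roles = payload[ROLES_CLAIM]
    # A single string or a comma-separated string is not the required shape.
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        return ["claim must be an array of strings"]
    unknown = sorted(set(roles) - SUPPORTED_ROLES)
    if unknown:
        return ["unsupported roles: " + ", ".join(unknown)]
    return []


def make_sample_token(payload: dict) -> str:
    """Build a constructed token with a placeholder signature for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "c2ln"])


if __name__ == "__main__":
    # Constructed sample tokens: one correct, one with the dotted claim name.
    good = make_sample_token({"sub": "user-1", ROLES_CLAIM: ["DG_Permissions_Agent"]})
    bad = make_sample_token({"sub": "user-2", DOTTED_TYPO: "DG_Permissions_Admin"})
    for token in (good, bad):
        print(check_roles_claim(decode_payload(token)) or "roles claim OK")
```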