OpenID Connect (OIDC)
To set up a third-party identity provider (IdP) to enable SSO into CPM, the following information will be required:
- An Issuer URL
- A Client ID
How these are obtained depends on your IdP, so you should refer to its documentation.
You may need a callback URL when configuring SSO on your side. The URL differs by environment:
- If you are integrating with a sandbox DataGuard CPM tenant then use this URL:
https://sandbox-consentric.eu.auth0.com/login/callback
- If you are integrating with a production DataGuard CPM tenant in the UK then use this URL:
https://consentric.eu.auth0.com/login/callback
- If you are integrating with a production DataGuard CPM tenant in the EU then use this URL:
https://dgconsentde.eu.auth0.com/login/callback
Authorisation
Once the SSO has been set up, you will need to configure custom Roles to authorise your users. The Roles should be collected into an array of strings and inserted into the ID Token as the following custom claim:
https://consentric:io/roles
(yes, that is a colon, not a dot). The supported roles are:
["DG_Permissions_Agent", "DG_Permissions_Admin"]
The roles permit users to do different things in the UI:
DG_Permissions_Agent
: Allows the user to see information about any citizen stored in the CPM instance.
DG_Permissions_Admin
: Allows the user to configure the CPM instance.
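Before pointing users at CPM, it helps to confirm that the ID Token your IdP issues actually carries the roles claim in the expected shape. The following is an added example, not DataGuard's code: it decodes a token payload for inspection only (no signature verification) and reports the common mistakes, such as the dotted claim name or a single string instead of an array. The function names are hypothetical, the sample tokens are constructed, and exact case-sensitive matching of role names is an assumption.

```python
import base64
import json

ROLES_CLAIM = "https://consentric:io/roles"  # claim name from the page: colon, not dot
SUPPORTED_ROLES = {"DG_Permissions_Agent", "DG_Permissions_Admin"}


def decode_payload(id_token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with 3 dot-separated segments")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def check_roles_claim(payload):
    """Return a list of problems with the roles claim; an empty list means it is well formed."""
    if ROLES_CLAIM not in payload:
        near = [k for k in payload if k == "roles" or k.rstrip("/").endswith("/roles")]
        hint = f" (found similar claim(s): {near})" if near else ""
        return [f"missing claim {ROLES_CLAIM!r}{hint}"]
    roles = payload[ROLES_CLAIM]
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        return [f"claim must be an array of strings, got {type(roles).__name__}"]
    problems = []
    if not roles:
        problems.append("roles array is empty")
    unknown = sorted(set(roles) - SUPPORTED_ROLES)  # assumption: exact, case-sensitive match
    if unknown:
        problems.append(f"unsupported role(s): {unknown}")
    return problems


def make_sample_token(payload):
    """Build a constructed sample token; the signature segment is a dummy."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "sig"])


if __name__ == "__main__":
    samples = [  # constructed payloads, not real tokens
        {"sub": "user-1", ROLES_CLAIM: ["DG_Permissions_Agent"]},
        {"sub": "user-2", "https://consentric.io/roles": ["DG_Permissions_Admin"]},
        {"sub": "user-3", ROLES_CLAIM: "DG_Permissions_Admin"},
    ]
    for p in samples:
        print(p["sub"], check_roles_claim(decode_payload(make_sample_token(p))) or "ok")
```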