Generic SSO manual for OAuth 2.0 and OpenID Connect 1.0

Introduction

Dialog supports single sign-on (SSO) based on OAuth 2.0 and OpenID Connect 1.0. To set this up for your organization, you must take a number of actions yourself. In addition, we need certain information to properly set up the SSO on our side.

In this document you will find all the information necessary to use the SSO. We also share a number of frequently asked questions about the SSO and the corresponding answers. If you have any other questions, please do not hesitate to send an email to support@dialog.nl.

 

Actions

Perform the following actions in your identity provider. 

  1. Check if your SSO provider supports the 'Authorization Code flow'
  2. Check if the following scopes are allowed: 'openid', 'email', 'profile'
  3. Allow the following redirect url: 
  4. If possible, set the homepage for the SSO as: https://app.dialog.nl 
  5. Set the following icon as the icon for the link:

 

Claims

Dialog follows the OpenID Connect 1.0 standard and expects the following claims to be sent along in the Identity Token (https://openid.net/specs/openid-connect-core-1_0.html#Claims): 

  • email
  • given_name
  • middle_name
  • family_name
  • name

The exact naming, as indicated above, is essential for parsing the token. In some identity providers you must explicitly configure that the claims are also placed in the identity token.

In addition to the above actions, the following is important to check:

  • Make sure that users in your identity provider have both their first name and last name filled in (claims: 'given_name', 'middle_name', 'family_name'). Dialog takes over these values. If these fields are empty, the full name (the 'name' claim) will be transferred.
  • Make sure that users in Dialog are invited with their original email address. Alias email addresses cause problems logging into Dialog if the Dialog email address is different from the user's original email address.
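
The checks from the Actions and Claims sections can be run against your own identity provider before you send us the required information. The script below is an added example, not code from Dialog; it assumes you have saved the provider's discovery document and a test identity token, and it only inspects the token without verifying its signature. Treating 'middle_name' as optional and the function names are assumptions of this example.

```python
import base64
import json

REQUIRED_SCOPES = {"openid", "email", "profile"}
EXPECTED_CLAIMS = ("email", "given_name", "middle_name", "family_name", "name")

def id_token_claims(id_token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying it (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_discovery(doc: dict) -> list:
    """Compare a discovery document with the flow and scopes listed under Actions."""
    problems = []
    if "code" not in doc.get("response_types_supported", []):
        problems.append("Authorization Code flow (response type 'code') not advertised")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return problems

def check_claims(claims: dict) -> list:
    """Check claim names and values against the list under Claims."""
    problems = []
    filled = {c for c in EXPECTED_CLAIMS if str(claims.get(c) or "").strip()}
    squash = lambda s: s.lower().replace("_", "")
    for key in claims:  # near-miss spellings such as 'givenName' or 'Email'
        for want in EXPECTED_CLAIMS:
            if key != want and squash(key) == squash(want):
                problems.append(f"claim '{key}' must be named exactly '{want}'")
    if "email" not in filled:
        problems.append("email claim missing or empty")
    if not {"given_name", "family_name"} <= filled and "name" not in filled:
        problems.append("no first/last name and no 'name' fallback")
    return problems

# Constructed sample data, not from a real identity provider.
SAMPLE_DISCOVERY = {"response_types_supported": ["code"], "scopes_supported": ["openid", "profile"]}
_payload = json.dumps({"sub": "u-1", "Email": "a@example.org", "name": "A. Janssen"}).encode()
# "e30" is the base64url form of an empty header "{}"; "sig" is a placeholder signature.
SAMPLE_ID_TOKEN = "e30." + base64.urlsafe_b64encode(_payload).rstrip(b"=").decode() + ".sig"

if __name__ == "__main__":
    for line in check_discovery(SAMPLE_DISCOVERY) + check_claims(id_token_claims(SAMPLE_ID_TOKEN)):
        print("FAIL:", line)
```

An empty result from both functions means the advertised configuration and the token contents match the lists above; it does not replace signature validation of the token.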

 

Required information

After performing the above actions, you will see information that we need to properly configure the SSO. You can copy the table below and fill in your answers in the column 'Answer'.

 

Category                      | Answer
------------------------------|----------------
Discovery url                 |
Client ID                     |
Client secret                 |
Issuer ID                     |
Email domain(s)               | e.g. @dialog.nl
Expiration date client secret |

 

Frequently asked questions
