Introduction
Dialog supports single sign-on (SSO) based on OAuth 2.0 and OpenID Connect 1.0. In order to set this up for your organization, you must take a number of actions yourself. In addition, we need certain information to properly set up the SSO on our side.
In this document you will find all the information necessary to use the SSO. We also share a number of frequently asked questions about the SSO and the corresponding answers. If you have any other questions, please do not hesitate to send an email to support@dialog.nl.
Actions
Perform the following actions in your identity provider.
- Check if your SSO provider supports the 'Authorization Code flow'
- Check if the following scopes are allowed: 'openid', 'email', 'profile'
- Allow the following redirect URLs:
  - https://api.dialog.nl/api/sso/openidconnectcallback
  - https://acceptance-api.dialog.nl/api/sso/openidconnectcallback
- If possible, set the homepage for the SSO as: https://app.dialog.nl
- Set the following icon as the icon for the link:
Claims
Dialog follows the OpenID Connect 1.0 standard and expects the following claims to be sent along in the Identity Token (https://openid.net/specs/openid-connect-core-1_0.html#Claims):
- given_name
- middle_name
- family_name
- name
The exact naming, as indicated above, is essential for parsing the token. Some identity providers must be explicitly configured to also place these claims in the identity token.
In addition to the above actions, the following is important to check:
- Make sure that in your Identity Provider users have entered both the first name and last name (claims: 'given_name', 'middle_name', 'family_name'). Dialog takes over these values. If these fields are empty, the full name (the 'name' claim) will be transferred.
- Make sure that users in Dialog are invited with their original email address. Alias email addresses cause problems when logging in to Dialog if the Dialog email address is different from the user's original email address.
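To confirm that your identity provider emits the name claims under the exact names listed above, you can inspect the payload of a test ID token. The following is an added example, not Dialog's own code: the function names, the constructed sample token, and the reading that 'given_name' and 'family_name' are required while 'middle_name' is optional are assumptions.

```python
import base64
import json

NAME_PARTS = ("given_name", "middle_name", "family_name")  # exact names from this page
EXPECTED = NAME_PARTS + ("name",)


def decode_payload(id_token):
    """Decode a compact JWT's claims WITHOUT verifying the signature (diagnostics only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_name_claims(claims):
    """Report missing or misnamed name claims and which name source would apply."""
    def usable(key):
        return isinstance(claims.get(key), str) and claims[key].strip() != ""

    normalized = {e.replace("_", "") for e in EXPECTED}
    # Keys such as givenName or Family_Name: close, but not the exact expected name.
    misnamed = sorted(k for k in claims if k not in EXPECTED
                      and k.lower().replace("_", "") in normalized)
    if usable("given_name") and usable("family_name"):
        source = "name parts"
        display = " ".join(claims[k].strip() for k in NAME_PARTS if usable(k))
    elif usable("name"):  # assumed reading of the fallback described above
        source, display = "name claim", claims["name"].strip()
    else:
        source, display = "none", None
    return {"missing": [k for k in EXPECTED if not usable(k)],
            "misnamed": misnamed, "source": source, "display": display}


def make_sample_token(claims):
    """Build a constructed sample token with a dummy header and dummy signature."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    sample = {"sub": "constructed-user", "givenName": "Anna", "name": "Anna de Vries"}
    print(check_name_claims(decode_payload(make_sample_token(sample))))
```

A non-empty 'misnamed' list means the identity provider sends the data under a different key, which exact-name parsing will not pick up.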
Required information
After performing the above actions, you will see information that we need to properly configure the SSO. You can copy the table below and fill in your answers in the column 'Answer'.
| Category | Answer |
| --- | --- |
| Discovery url | |
| Client ID | |
| Client secret | |
| Issuer ID | |
| Email domain(s) | e.g. @dialog.nl |
| Expiration date client secret | |