OIDC (OpenID Connect) binding
If you already have an account or a user profile from an identity provider, OpenID lets you reuse this account in other applications, for example, in octoplant.
Example: As an Apple, Google or Microsoft user, you can sign in to any OpenID-enabled application or website without creating a new registration and password.
OpenID Connect (OIDC) is an interoperable authentication protocol based on the OAuth 2.0 framework of specifications.
Info
Explanations of the terms used in the context of OpenID can be found on the OpenID website.
octoplant can currently be used with the following ID providers:
- Microsoft Azure/AD
- On-premises Microsoft Azure/AD
Info
This tutorial only describes the connection of OIDC in octoplant. For basic configuration and OIDC setup procedures, please refer directly to the websites of the individual ID providers.
OAuth
OAuth (Open Authorization) is a standardized authorization method for software products which relies on ID providers (for example Microsoft Azure AD) to handle credentials and generated tokens for secure software access.
As a customer you can freely choose to use OAuth or not. If not, no additional system configuration is necessary. OAuth is disabled by default. If you choose to use OAuth, you must activate and configure it separately. This is described in this tutorial.
Using OAuth requires slight changes in the login process, and comes with additional requirements to increase security:
- A secure certificate needs to be implemented on the octoplant server. This may require support from your IT department.
- Communication now requires the use of a fully-qualified domain name (FQDN) on both the server and the client side. Additionally, a domain name system (DNS) server needs to be in place. DNS servers are normally configured for octoplant automatically by the octoplant server operating system.
- An ID provider needs to be reachable from the octoplant server and client.
OAuth can be combined with other login options (local login, LDAP, etc.). If all options are configured, you can choose the preferred option at the login screen.
Login with OAuth
The octoplant login dialog includes a check for OIDC providers. This check can be disabled in the Server configuration dialog using the Check for OIDC providers checkbox.
FAQ
How to fix the NET::ERR_CERT_AUTHORITY_INVALID errors
Following the procedure described in Using your own security certificate, together with a proper certificate authority (internal or external), will fix NET::ERR_CERT_AUTHORITY_INVALID errors.
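The certificate, FQDN/DNS and ID provider requirements listed under OAuth, and the certificate trust failure behind this FAQ entry, can be checked from a client machine before OAuth is activated. The script below is an added example, not part of octoplant or its documentation; the host names, port 443 and the optional CA bundle file are assumptions to replace with your own values.

```python
import socket
import ssl
import sys

def is_fqdn(name):
    """True for a dotted DNS name (host.example.com), not a bare host or an IP."""
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(
        0 < len(lab) <= 63 and lab.isascii() and lab.replace("-", "").isalnum()
        and lab[0] != "-" and lab[-1] != "-"
        for lab in labels
    )

def check_tls(host, port=443, cafile=None, timeout=5.0):
    """Handshake like a client: chain must end at a trusted CA and match host."""
    if not is_fqdn(host):
        return False, "not a fully-qualified domain name"
    # cafile=None trusts the OS store; pass an internal CA bundle to test that CA.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, f"certificate trusted ({tls.version()})"
    except ssl.SSLCertVerificationError as e:
        return False, f"certificate rejected: {e.verify_message}"
    except socket.gaierror as e:
        return False, f"DNS lookup failed: {e}"
    except OSError as e:
        return False, f"not reachable: {e}"

def preflight(server, idp_host, port=443, cafile=None):
    """Run the checks; returns {check name: (ok, detail)}."""
    return {
        "server name is an FQDN": (is_fqdn(server), server),
        "server certificate": check_tls(server, port, cafile),
        "ID provider reachable": check_tls(idp_host),
    }

if __name__ == "__main__":
    # Placeholder defaults (assumptions): replace with your server and ID provider.
    server = sys.argv[1] if len(sys.argv) > 1 else "octoplant.corp.example"
    idp = sys.argv[2] if len(sys.argv) > 2 else "idp.corp.example"
    results = preflight(server, idp)
    for name, (ok, detail) in results.items():
        print(f"[{'ok' if ok else 'FAIL'}] {name}: {detail}")
    sys.exit(0 if all(ok for ok, _ in results.values()) else 1)
```

A "certificate rejected" result on the server check is the same trust failure a browser reports as NET::ERR_CERT_AUTHORITY_INVALID; rerun with the issuing CA bundle passed as `cafile` to confirm the chain is valid once that CA is trusted.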