Area: Optimizely B2B Commerce

Set up OpenId Connect SSO

You can use OpenId Connect SSO as an identity layer on top of the OAuth 2.0 protocol. This allows you to verify user identities based on the authentication performed by an Authorization Server.

Login via OpenId Connect is enabled by changing the relevant settings in the Admin Console. Changes to these settings will not take effect until after the application pool is recycled.

Enable OpenId Connect SSO

  1. Navigate to Administration > System > Settings in the Admin Console.

  2. Search for Allow Sign in With OpenId Connect.

  3. Set the Allow Sign in With OpenId Connect toggle to YES. If Yes, an OpenId Connect button will appear on the sign in page. Default value: No.

  4. Set the Use OpenId Connect Sign In on Storefront toggle to YES, if you want to enable this. If Yes, an OpenId Connect button will appear on the storefront sign in page. Default value: No.

  5. Set the Use OpenId Connect Sign In on Admin Console to YES, if you want to enable this. If Yes, an OpenId Connect button will appear on the admin console sign in page. Default value: No.

  6. Enter an OpenId Connect Caption. This is the caption to show on the OpenId Connect button. Default value: OpenIdConnect.

  7. Enter your OpenId Connect Client ID. This is the client ID identified by your OpenId Connect application and used for OpenId Connect login.

  8. Enter your OpenId Connect Client Secret. This is the Client Secret identified by your OpenId Connect application and used for OpenId Connect login. Leave this blank if it's not required.

  9. Enter your OpenId Connect Authority URL. This is the Authority URL of your OpenId Connect application.

  10. Set the OpenId Connect Requires Nonce toggle to NO, or false, if your OpenId Connect provider does not support nonce. Default value: Yes.
  11. Click Save.

Note: If you plan on using SSO for the Admin Console and you do not wish to automatically assign any permissions, you should update the Assign A/C User Role with SSO setting to NO. New Admin Console users will then require an existing user to set up their roles manually. Default value: Yes.

Configure the SSO Clients

  1. Navigate to Administration > Permissions > Single Sign On in the Admin Console.
  2. If you want to use OpenID Connect for the storefront, click Edit for the ext client.

    1. Enter your website URLs in the Redirect Uris field (a comma-separated list of redirect URIs). These have to use the path /identity/externalcallback, for example https://www.b2bcommercesite1.com/identity/externalcallback,https://www.b2bcommercesite2.com/identity/externalcallback, etc.

    2. Click Save.
  3. If you want to use OpenID Connect for the Admin Console, click Edit for the isc_admin_ext client.

    1. Enter your website URLs in the Redirect Uris field (a comma-separated list of redirect URIs). These have to use the path /identity/adminexternalcallback, for example https://www.b2bcommercesite1.com/identity/adminexternalcallback,https://www.b2bcommercesite2.com/identity/adminexternalcallback, etc.

    2. Click Save. 
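
A check you can run on a Redirect Uris value before saving it for the ext or isc_admin_ext client (an added example, not part of the Optimizely documentation). Only the exact callback path rule comes from this page; the HTTPS, plain host name, no query or fragment, and duplicate checks are assumptions of this example, as are the function and variable names.

```python
from urllib.parse import urlsplit

# Callback paths required by the page for each SSO client.
REQUIRED_PATH = {
    "ext": "/identity/externalcallback",
    "isc_admin_ext": "/identity/adminexternalcallback",
}


def check_redirect_uris(client, value):
    """Return (uris, problems) for a comma separated Redirect Uris value."""
    required = REQUIRED_PATH[client]
    uris, problems = [], []
    for raw in value.split(","):
        uri = raw.strip()
        if not uri:
            problems.append("empty entry (stray comma)")
            continue
        parts = urlsplit(uri)
        if parts.path != required:
            problems.append(f"{uri}: path must be exactly {required}")
        # The checks below are assumptions added for this example.
        if parts.scheme != "https":
            problems.append(f"{uri}: scheme is not https")
        if not parts.hostname or "*" in parts.netloc or "@" in parts.netloc:
            problems.append(f"{uri}: host must be a plain host name")
        if parts.query or parts.fragment:
            problems.append(f"{uri}: query string or fragment present")
        if uri in uris:
            problems.append(f"{uri}: duplicate entry")
        uris.append(uri)
    return uris, problems


# Constructed sample values; the host names are the page's own examples.
GOOD = ("https://www.b2bcommercesite1.com/identity/externalcallback,"
        "https://www.b2bcommercesite2.com/identity/externalcallback")
BAD = ("http://www.b2bcommercesite1.com/identity/externalcallback,"
       "https://www.b2bcommercesite2.com/identity/adminexternalcallback,"
       "https://*.b2bcommercesite1.com/identity/externalcallback/")

if __name__ == "__main__":
    for label, value in (("GOOD", GOOD), ("BAD", BAD)):
        uris, problems = check_redirect_uris("ext", value)
        print(label, "->", len(uris), "entries,", len(problems), "problems")
        for p in problems:
            print("  ", p)
```

Run it with the client name whose list you are editing; a storefront list checked as isc_admin_ext fails on every entry because the admin callback path differs.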

Last updated: Dec 11, 2020
