PubSub+ Cloud SSO with OpenID Connect

Organizations with an identity provider that support OpenID Connect (OIDC) can enable single sign-on (SSO) for their PubSub+ Cloud account. This will allow users to log in directly to PubSub+ Cloud after being authenticated through an OIDC service provider. You can enable SSO directly through the PubSub+ Cloud Console.

Note that after SSO is enabled, assigning roles is still done within PubSub+ Cloud; users will still need a PubSub+ Cloud account and assigned role to access the console.

Authenticating PubSub+ Cloud Users

To authenticate the user, PubSub+ Cloud uses OAUTH 2.0 with OpenID Connect 1.0. PubSub+Cloud receives an OpenID Connect ID 1.0 token from the user, and also an OAuth 2.0 token when the user authenticates through the identity provider.

The authentication process with an identify provider is shown in the following diagram: