Configuring Your OpenID Connect Identity Provider

To set up single sign-on (SSO) for Solace Cloud, you must configure your OpenID Connect (OIDC)-based identity provider (IdP) to authenticate users for Solace Cloud and to provide the user claim values that Solace Cloud needs.

The exact process for setting up your IdP differs depending on the service provider. To learn how to provide Solace Cloud information to your IdP and get details for Solace Cloud from your IdP, consult your IdP documentation:

Microsoft Entra ID

Okta

Auth0

PingIdentity

Amazon Cognito

Configure Your Identity Provider for Solace Cloud

To configure your identity provider, perform these steps:

  1. Create a new OpenID Connect application or app client. The process varies depending on your IdP.
  2. Provide the following settings for the application.
    • Response Type: Code
    • Grant Type: Authorization Code
    • Grants/Claims: Email, openid
    • Redirect URL/URI: https://<subdomain>.solace.cloud/sso/login, where the subdomain is provided by Solace.
  3. If you intend to configure Group Management, ensure that the application is configured to provide the claim values that you will map to user groups in Solace Cloud.

    If your IdP can't be configured to automatically provide the required claim, you may need to configure Solace Cloud to request additional scopes during authentication. For example, for Amazon Cognito, if you want to use custom attributes for claim mapping, you need to allow the profile scope and enter profile in the Additional Scope(s) field in Solace Cloud.

  4. If the following settings are required by your IdP, set them as follows:
    • Token Endpoint Authentication Method: Client Secret Basic
    • Start SSO URL/Initiate Login URL: https://<subdomain>.solace.cloud/sso/login, where the subdomain is provided by Solace.
  5. If your IdP does not automatically create a client secret, create it manually.
  6. Record the following information, which you need to configure your SSO settings in Solace Cloud:
    • Client ID
    • Client Secret
    • OpenID Connect (OIDC) Discovery URL
    • For group management, the claim values that you want to map to user groups
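
As an added example (not code from Solace or from any IdP), the following Python sketch checks an IdP's OIDC discovery document against the settings in steps 2 and 4 before you record the Discovery URL. The metadata field names and defaults come from the OpenID Connect Discovery 1.0 specification. The function name check_discovery, the sample document, and the reading of "Email, openid" as the scopes openid and email are assumptions made for illustration.

```python
# Added example; the SAMPLE metadata below is constructed, not from a real IdP.

# Defaults defined by OpenID Connect Discovery 1.0 when a field is omitted.
SPEC_DEFAULTS = {
    "grant_types_supported": ["authorization_code", "implicit"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
}

# Settings from the procedure, mapped to discovery fields (assumed mapping:
# "Email, openid" is read as the scopes "openid" and "email").
REQUIRED = {
    "response_types_supported": ["code"],
    "grant_types_supported": ["authorization_code"],
    "scopes_supported": ["openid", "email"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
}


def check_discovery(doc):
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []
    for url_field in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(url_field)
        if not isinstance(value, str) or not value.startswith("https://"):
            problems.append(f"{url_field} is missing or not an https URL")
    for field, wanted in REQUIRED.items():
        advertised = doc.get(field, SPEC_DEFAULTS.get(field))
        if advertised is None:
            # An IdP may omit scopes_supported; absence is not proof of failure.
            problems.append(f"{field} not advertised; verify manually")
            continue
        for value in wanted:
            if value not in advertised:
                problems.append(f"{field} does not advertise {value!r}")
    return problems


# Constructed sample: an IdP that advertises only client_secret_post and no email scope.
SAMPLE = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile"],
    "token_endpoint_auth_methods_supported": ["client_secret_post"],
}

if __name__ == "__main__":
    for line in check_discovery(SAMPLE) or ["discovery document matches"]:
        print(line)
```

To use it against your own IdP, fetch the JSON from the Discovery URL recorded in step 6 and pass the parsed dictionary to check_discovery. An IdP may support a scope without advertising it, so treat a scopes_supported finding as a prompt to check the application settings.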

Once your identity provider is set up, you can finish Enabling SSO for Solace Cloud.