Users cannot set up AD Sync simultaneously with Single Sign On (via SAML and OpenID Modules). Doing so will result in an error that requires users to reset their sign-on setup.
Overview
OpenID Connect (OIDC) is an open standard and decentralized authentication protocol. The OpenID module allows users to create accounts by selecting an OpenID identity provider and then use those accounts to sign on to any website that accepts OpenID authentication.
Version 9 Endpoints
- LoginURL - [baseporturl]:[port]/Account/Login
- LogoutURL - [baseporturl]:[port]/Logout
Prerequisites:
- Preexisting OpenID Account
- Access to an OpenID API
- Installation of the OpenID module (to learn how to install a module, see Installing Modules)
- Unlike most modules, the OpenID module is located with the identity provider modules under System > Security > Identity Providers.
Basic Configuration
- Navigate to System > Settings and click OpenID Settings. Select the Enabled checkbox on the Edit Open Id Settings window and click ADD under Identity Providers.
- Enter an appropriate name in the IdP Name field. The Client ID, Client Secret, and Discovery URL (Authority) values are obtained from the Identity Provider. The Discovery URL (Authority) usually ends with ".well-known/openid-configuration". After configuring all the appropriate fields, click OK. Be sure the information entered is correct. Many Identity Providers have an allowed list of redirect URIs. It may be necessary to add "http://decisions/Login" to this list. The required information may change between different Identity Providers.
- Click the dropdown list under Primary Identity Provider and select the Identity Provider created. Click SAVE. When the Log OpenID Requests & Responses setting is enabled, requests and responses will be located at C:/Program Files/Decisions/Decisions Server/Logs/OpenID.
- In the File Explorer, navigate to C:\Program Files\Decisions\Decisions Server and open Settings.xml.
- Locate <EnableSingleSignOn> and set the value to true.
- Restart the Decisions Service service or IIS App Pool. If there is an active session, it might be logged in with a non-OpenID account. Log out or start a new session to be redirected to the identity provider. Once the identity provider has accepted the credentials, it will redirect to Decisions to log in with the OpenID account.
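The following pre-flight check for the Discovery URL (Authority) value entered above is an added example, not part of the Decisions product or its documentation. It inspects a discovery document that has already been fetched and reports mismatches before single sign-on is enabled; the provider idp.example.com and the sample document are constructed for illustration.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED
# (token_endpoint is required unless only the implicit flow is used).
REQUIRED = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported",
)

def check_discovery(discovery_url, document):
    """Return a list of problems; an empty list means no problem was found."""
    problems = []
    parts = urlsplit(discovery_url)
    if parts.scheme != "https":
        problems.append("discovery URL is not https")
    if not parts.path.endswith(SUFFIX):
        problems.append("discovery URL does not end with " + SUFFIX)
    problems += ["missing metadata: " + k for k in REQUIRED if k not in document]
    issuer = str(document.get("issuer", ""))
    # The issuer must be the discovery URL with the well-known suffix removed;
    # a trailing slash is tolerated because some providers include one.
    if issuer and parts.path.endswith(SUFFIX):
        base = f"{parts.scheme}://{parts.netloc}{parts.path[:-len(SUFFIX)]}"
        if issuer.rstrip("/") != base.rstrip("/"):
            problems.append("issuer %r does not match %r" % (issuer, base))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in document and urlsplit(str(document[key])).scheme != "https":
            problems.append(key + " is not https")
    return problems

# Constructed sample document for a hypothetical provider idp.example.com
SAMPLE_URL = "https://idp.example.com/tenant1/.well-known/openid-configuration"
SAMPLE_DOC = {
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/token",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC) or "no problems found")
```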
Login URL Parameter
OpenID Connect is an authentication and authorization protocol built on top of OAuth 2.0. Users can specify which OpenID Provider to log in with by using the Login?OpenIDProvider=idofOpenIDProvider URL parameter.
Alternate Token Fields
Email addresses can be acquired from different fields in the OpenID Token. Two options available in all versions are id_token and access_token. Starting in v9.5, users also have the option of the UserInfo field. Alternate token fields can be accessed when setting up or editing an Identity Provider by enabling the box "Get email address from alternate token field". The list of possible fields will then appear.
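To decide which alternate token field to select, it helps to see which one actually carries the email claim for a given provider. The following diagnostic is an added example, not Decisions code; it assumes the token response and UserInfo JSON are already available, uses constructed sample data, and decodes JWT payloads without verifying signatures.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload without verifying it (diagnostic use only).
    Returns None for opaque tokens that are not three-part JWTs."""
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, UnicodeDecodeError):
        return None
    return claims if isinstance(claims, dict) else None

def email_sources(token_response, userinfo=None):
    """Map each token field the page names to the email it carries, or None."""
    found = {}
    for field in ("id_token", "access_token"):
        claims = jwt_claims(token_response.get(field, "")) or {}
        found[field] = claims.get("email")
    found["UserInfo"] = (userinfo or {}).get("email")
    return found

def _fake_jwt(claims):
    """Build an unsigned, constructed JWT for the sample data below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample: id_token without email, opaque access_token,
# and the email present only in the UserInfo response.
SAMPLE_RESPONSE = {
    "id_token": _fake_jwt({"sub": "abc123", "iss": "https://idp.example.com"}),
    "access_token": "opaque-0f3c9a",
}
SAMPLE_USERINFO = {"sub": "abc123", "email": "user@example.com"}

if __name__ == "__main__":
    print(email_sources(SAMPLE_RESPONSE, SAMPLE_USERINFO))
```

Many providers issue opaque access tokens, which is why a non-JWT access_token is reported as carrying no email rather than raising an error.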
Email Scope
In v9.4 and above, the IdP settings include a property that allows the email scope to be omitted. In certain use cases where the IdP is blocking the sending of email because of the email scope, this option can be used to allow email to be sent.
Generally, it is recommended to ignore unrecognized scopes.
Feature Changes
Description | Version | Release | Developer Task |
---|---|---|---|
Added Omit Email Scope property | 9.4 | October 2024 | [DT-041279] |
Added the option of getting the email address from the alternate token field Userinfo. | 9.5 | November 2024 | [DT-042684] |
OpenID Login Flow is now visible on Pick entity dialog while configuring login flows for identity providers. | 9.6 | January 2025 | [DT-043179] |