OpenID Integration

Last Updated: 09/04/2018 Introduced in Version:

Warning: This will require appropriate technical resources on the client's side to implement. We recommend making sure you have someone from your organization with experience available to streamline the process. Our support team is available to help, but may not be able to answer questions or solve problems that are unique to your company.

Note: Accounts created before the following module is installed will need to be updated before using single sign on. Please contact support on how to update the account. 

 

OpenID is an open standard and decentralized authentication protocol. Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign onto any website which accepts OpenID authentication.

Basic configuration:

Install OpenID module.

 

Note: To install a module in Decisions, please read the following document.

A prompt will pop up to restart Service Host Manager.

 

Navigate to System and Restart Instance

 

Locate the OpenID Settings in System>Settings and select the Enabled checkbox

 

 

Add a new identity provider in the Identity Providers section

 

Only four fields need to be filled.

For IdP Name choose any name for this configuration

Get the values of Client ID, Client Secret, and Discovery URL (Authority) from your identity provider. The Discovery URL usually ends with “.well-known/openid-configuration”.
 
Select OK to finish creating this identity provider. Be sure it is selected as your Primary Identity Provider in OpenID Settings. Select Save.
 
Be sure the information given to your identity provider is correct. Many IdPs have a whitelist of redirect URIs. It may be necessary to add “http://<your base portal URL>/decisions/Login.aspx” to this list. The required information may change between different IdPs.
 
The final step is to navigate to Settings.xml by “C:\Program Files\Decisions\Decisions Services Manager
 
 
 
 
Use a search tool to locate EnableSingleSignOn, set it to true, and restart.
If there is an active session, it might be logged in with a non-OpenID account. Log out or start a fresh session and it should redirect to the identity provider. Once the identity provider has accepted the credentials, it will redirect back to Decisions and log in with the OpenID account.
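
A pre-flight check for the identity provider values described above, as an added example that is not part of the Decisions product or its documentation: it validates a discovery document against the Discovery URL and confirms the Login.aspx redirect URI is in the IdP's list. The idp.example.com metadata, the function names, and the exact-match comparison of redirect URIs are assumptions for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(discovery_url, metadata):
    """Return a list of problems found in an IdP discovery document (dict)."""
    if not discovery_url.endswith(WELL_KNOWN):
        return [f"discovery URL does not end with {WELL_KNOWN}"]
    expected_issuer = discovery_url[: -len(WELL_KNOWN)]
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in metadata]
    # The issuer must match the URL the document was served from; a mismatch
    # means tokens would be validated against a different authority.
    issuer = metadata.get("issuer", "")
    if issuer.rstrip("/") != expected_issuer.rstrip("/"):
        problems.append(f"issuer {issuer!r} does not match {expected_issuer!r}")
    for field in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = metadata.get(field)
        if value and urlsplit(value).scheme != "https":
            problems.append(f"{field} is not https: {value}")
    return problems

def redirect_uri_registered(base_portal_url, registered_uris):
    """True if the Decisions login URI is in the IdP's redirect list (exact match)."""
    wanted = base_portal_url.rstrip("/") + "/decisions/Login.aspx"
    return wanted in registered_uris

# Constructed sample metadata for a hypothetical IdP; not real output.
SAMPLE = {
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "http://idp.example.com/tenant1/token",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
}

if __name__ == "__main__":
    url = "https://idp.example.com/tenant1/.well-known/openid-configuration"
    for problem in check_discovery(url, SAMPLE):
        print("PROBLEM:", problem)
    print(redirect_uri_registered("http://portal.example.com",
                                  ["http://portal.example.com/decisions/Login.aspx"]))
```

To check a live IdP, load the JSON returned by the Discovery URL into a dict and pass it as `metadata`.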
