OpenID Integration
  • 01 Feb 2023
  • 1 Minute to read
  • Dark

OpenID Integration

  • Dark

Successful implementation rests heavily on experienced client-side technical resources. Decisions' Support Team can help but may not be able to answer questions or solve issues specific to the organization.
Users cannot set up AD Sync simultaneously with Single Sign On (via SAML and OpenID Modules). Doing so will result in an error that requires users to reset their sign-on setup.

OpenID Connect (OIDC) is an open standard and decentralized authentication protocol. The OpenID module allows users to create accounts by selecting an OpenID identity provider and then use those accounts to sign on to any website that accepts OpenID authentication.

Version 8 Endpoints

  • LoginURL - [baseporturl]:[port]/Account/Login 
  • LogoutURL - [baseporturl]:[port]//Logout 
The port number is ONLY needed if Decisions is installed to a non-standard port, which would be anything other than port 80 for HTTP or port 443 for HTTPS.


  • Preexisting OpenID Account
  • Access to an OpenID API
  • Installation of the OpenID module (to learn how to install a module, see Installing Modules 

Basic Configuration

Accounts created before the OpenID module was installed will need to be updated before using a single sign-on. Please contact Decisions Support on how to update the account.
  1. Navigate to System > Settings and click OpenID Settings. Select the Enabled checkbox on the Edit Open Id Settings window and click ADD under Identity Providers.
  2. Enter an appropriate name in the IdP Name field. The Client ID, Client Secret, and Discovery URL (Authority) fields can be obtained from an Identity Provider. The Discovery URL (Authority) usually ends with ".well-known/openid-configuration". After configuring all the appropriate fields, click OK.
    Be sure the information being inputted is correct. Many Identity Providers have an allowed list of redirect URIs. It may be necessary to add "http:///decisions/Login.aspx " to this list. The required information may change between different Identity Providers.
  3. Click the dropdown list under Primary Identity Provider and select the Identity Provider created. Click SAVE.
    When debug logging is enabled, requests and responses will be located at C:/Program Files/Decisions/Decisions Server/Logs/OpenID. 

  4. In the File Explorer, navigate to C:\Program Files\Decisions\Decisions Server and open Settings.xml. 
  5. Locate <EnableSingleSignOn> and set the value to true. 
  6. Restart the Decisions Service service or IIS App Pool. If there is an active session, it might be logged in with a non-OpenID account. Log out or start a new session to be redirected to the identity provider. Once the identity provider has accepted the credentials, it will redirect to Decisions to log in with the OpenID account.

For further information on Modules, visit the Decisions Forum.

Was this article helpful?

What's Next