Has anyone been able to setup OIDC SSO in Jumpclou...
# gooddata-cloud
h
Has anyone been able to set up OIDC SSO in JumpCloud for GoodData Cloud?
JumpCloud supports SSO via OIDC as indicated here: https://jumpcloud.com/support/sso-with-oidc
i
Hey Hal,

As already mentioned in the related ticket, JumpCloud isn’t one of the tested providers, but here are some hints:

Redirect URI should be similar to the Callback URL:
https://<organization-hostname>/login/oauth2/code/<organization-hostname>
- further instructions can be found here.

Login URL should be the same as your GD Cloud hostname.

I am glad that you also posted JumpCloud’s official documentation here: https://jumpcloud.com/support/sso-with-oidc

Especially the part related to Client Authentication Type is quite important:
• Client Secret POST – the client authorizes itself providing the secret in the HTTP request body as a form parameter
• Client Secret Basic – the simplest method of client authentication using client secrets. It is a method where an application uses the HTTP Basic Authentication Scheme to authenticate with the authorization server
• Public (None PKCE) – Client authentication set to none and with the use of Proof Key of Code Exchange (PKCE) was created as a secure substitute for the OAuth implicit flow, where the client receives access tokens as the result of authorization

Please be aware that we do not support the third option - Public (None PKCE). It needs to be evaluated on your end which of the two remaining options suits you better.

The last Import/Export users option needs to be again decided on your end. For example, if you plan to work with Just-In-Time (JIT) User Provisioning, I’d stick to the Export users to this App option.

Hopefully somebody with active GD Cloud/JumpCloud integration would chip in with their experience as well. 🤞
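How the two supported Client Authentication Types differ on the wire, as an added example that is not part of the thread and is not GoodData or JumpCloud code: it builds the authorization-code token request for each method and rejects the public (no secret) type. The hostname, client ID, secret, and function names are constructed placeholders; `client_secret_post` and `client_secret_basic` are the standard OIDC names for the two methods.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Constructed placeholder hostname (assumption, not from the thread).
HOSTNAME = "analytics.example.com"


def expected_redirect_uri(hostname):
    """Callback URL in the shape quoted in the reply above."""
    return f"https://{hostname}/login/oauth2/code/{hostname}"


def token_request(method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for the token request under the given
    client authentication method. Nothing is sent over the network."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match the registered value exactly
    }
    if method == "client_secret_post":
        # Credentials travel as form parameters in the request body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    elif method == "client_secret_basic":
        # Credentials travel in the Authorization header. RFC 6749 section
        # 2.3.1 requires form-urlencoding both values before base64, so a
        # secret containing ':' or '+' is not misparsed by the server.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(pair.encode("utf-8")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    else:
        # Mirrors the reply: the public (no client secret) type is not supported.
        raise ValueError(f"unsupported client authentication type: {method}")
    return headers, urlencode(form)


if __name__ == "__main__":
    uri = expected_redirect_uri(HOSTNAME)
    # Constructed sample credentials; the secret has characters needing escaping.
    for m in ("client_secret_post", "client_secret_basic"):
        hdrs, body = token_request(m, "my-client", "s3cr/et:+x", "abc123", uri)
        print(m, hdrs.get("Authorization", "(no Authorization header)"), body, sep="\n  ")
```

If the identity provider and the application are configured for different methods, the token exchange fails after a successful login, so the selected type has to match on both sides.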