SameGoal Special Programs

OpenID Connect Identity Provider





Your district can configure SameGoal to authenticate users against an OpenID Connect Identity Provider (IdP). Many districts use OpenID Connect (OIDC) to manage user authentication across a variety of district applications.

SameGoal supports specification-compliant OIDC Identity Providers.

General OpenID Connect Configuration

Steps
To configure SSO with any OpenID Connect identity provider:

  1. Configure your external OIDC Identity Provider.
  2. Log into SameGoal using an administrative account.
  3. Visit Settings (left menu) > District Information > OpenID Connect / OIDC.
  4. Enter the Client ID, Client Secret and Issuer URL provided by your IdP.

Tip
SameGoal is not responsible for any fees associated with your use of third party identity providers.

Tip
If your LEA requires some user accounts in SameGoal which do not exist in your OpenID Connect IdP, they can be configured to use a password.

Google OpenID Connect Configuration (Google SSO)

These instructions can be used to help districts set up Google SSO using OpenID Connect. Google is a common Identity Provider; as a service to clients, SameGoal provides Google-specific instructions.

Tip
SameGoal is not responsible for any fees associated with your use of Google as an OpenID Connect Identity Provider.

Tip
Google frequently changes its user interfaces; directions may not fully match the current Google interface.

Create a new Google API project

Steps
To create a new Google API project:

Tip
If you already have a Google Cloud Platform project that you wish to use, you may skip to the next section.


Steps
To set up the consent screen:

Tip
If you have already configured your Google Credentials Consent Screen, you may skip to the next section.


Create an OAuth 2.0 Client ID

Steps
To create an OAuth 2.0 Client ID:


Microsoft Azure OpenID Connect Configuration (Azure SSO)

These instructions can be used to help districts set up Microsoft Azure SSO using OpenID Connect. Microsoft Azure is a common Identity Provider; as a service to clients, SameGoal provides Microsoft Azure-specific instructions.

Tip
SameGoal is not responsible for any fees associated with your use of Microsoft Azure as an OpenID Connect Identity Provider.

Tip
Microsoft Azure frequently changes its user interfaces; directions may not fully match the current Microsoft Azure interface.

Register a new Microsoft Azure application

Steps
To register a new Microsoft Azure application:

Tip
If you already have a Microsoft Azure Active Directory application that you wish to use, you may skip to the next section.


Copy the OAuth 2.0 Client ID

Steps
To copy the OAuth 2.0 Client ID:


Create a new OAuth 2.0 Client Secret ID

Steps
To create a new OAuth Client Secret ID:


Tip
The shorter the expiration, the more often this setup must occur.


Enter configuration information into SameGoal

Steps
To enter configuration information into SameGoal:

Tip
It may take 5 minutes to a few hours for settings to take effect.

Tip
If you are using Google SSO, the Issuer URL should be https://accounts.google.com

Tip
If your LEA requires some user accounts in SameGoal which do not exist in your OpenID Connect IdP, they can be configured to use a password.

OIDC Subject Identifier

The OIDC Subject Identifier is a unique and never reassigned identifier within the Identity Provider for the end user. This case-sensitive string must not exceed 255 ASCII characters. If empty, this field is automatically populated on first use when a user signs into SameGoal via the Identity Provider (IdP).
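
The checks below are an added example, not SameGoal's code: they validate the Issuer URL from the configuration steps against the provider's discovery metadata and apply the Subject Identifier limits stated above. The function names and the sample metadata are assumptions constructed for illustration.

```python
# Added example (not SameGoal code): pre-flight checks for the Issuer URL
# and for OIDC Subject Identifier values.
from urllib.parse import urlsplit

# Metadata fields that OpenID Connect Discovery marks as REQUIRED.
REQUIRED_METADATA = ("issuer", "authorization_endpoint", "jwks_uri",
                     "response_types_supported", "subject_types_supported",
                     "id_token_signing_alg_values_supported")

def discovery_url(issuer):
    """Provider metadata lives at <issuer>/.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_issuer(configured_issuer, metadata):
    """Return a list of problems; an empty list means the issuer is usable."""
    problems = []
    parts = urlsplit(configured_issuer)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer must be an https URL")
    if parts.query or parts.fragment:
        problems.append("issuer must not contain a query or fragment")
    # Exact string match: a trailing slash or http:// is a different issuer.
    if metadata.get("issuer") != configured_issuer:
        problems.append("metadata issuer does not match configured issuer")
    problems += [f"metadata is missing {k}" for k in REQUIRED_METADATA
                 if k not in metadata]
    return problems

def valid_subject(sub):
    """Page's limits for a populated field: ASCII only, at most 255 characters."""
    return 0 < len(sub) <= 255 and sub.isascii()

def same_user(stored_sub, token_sub):
    """Subject Identifiers are case-sensitive: compare exactly, never case-fold."""
    return stored_sub == token_sub

# Constructed sample metadata; the endpoint URLs are placeholders.
SAMPLE_METADATA = {
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://idp.example/authorize",
    "jwks_uri": "https://idp.example/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(discovery_url("https://accounts.google.com"))
    print(check_issuer("https://accounts.google.com/", SAMPLE_METADATA))
```

In practice the metadata would be fetched from the discovery URL of your own IdP and passed to `check_issuer` before the Issuer URL is saved.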


