
Authentication Journey via OpenID Connect (OIDC)

In addition to External Card Validation, the Authentication Journey feature lets users log in to the ePRINTit SaaS application using credentials managed by an OpenID Connect (OIDC) identity provider.

This method is useful when users do not have access to their physical access card but still need to authenticate securely through a defined login flow.


 

Display on Portal

Controls whether the identity provider is shown as a login option on the user-facing login portal.

 

Identity Provider Type

The Identity Provider Type is the category or specification of the identity provider used for authentication and authorization services, often in the context of single sign-on (SSO) and user access management. From this dropdown, select the OpenID Connect Identity Provider.

 

Client ID

The Client ID is a unique identifier used to distinguish and recognize a specific client, such as an application or service. Enter the Client ID for the OpenID Connect Identity Provider here.

 

Client Secret

The Client Secret is a confidential, securely stored value used for authentication and authorization, often in the context of API access or client-server interactions. Enter the client secret for the OpenID Connect Identity Provider.

 

Discovery Document

The Discovery Document is typically a structured file or data source that describes an API (Application Programming Interface): its endpoints, authentication methods, and available resources. Enter the Discovery Document of the OpenID Connect Identity Provider here.

 

Alternative Authorization Endpoint

An alternative Authorization Endpoint in an OpenID identity provider is an additional or customized URL that allows clients to request authorization from the identity provider in a way that might differ from the standard flow. This helps ensure flexibility and support for diverse authentication needs.

When the Alternative Authorization Endpoint is populated in the OpenID IDP data, the backend uses it as the authorization_endpoint, overriding the “authorization_endpoint” value from the Discovery Document.

 

Additional Scopes

The Additional Scopes field is used to specify any extra OAuth 2.0 scopes that should be requested during the authentication process. Scopes define the level of access and types of user information the identity provider should return.

These scopes are sent as part of the authentication request and help the identity provider determine which user attributes or permissions should be included in the token.

 

ACR Values

The ACR Values (Authentication Context Class Reference Values) field is used to specify the desired level or method of authentication that the identity provider should enforce during the login process.

This value tells the identity provider which authentication journey or policy to apply when processing a login request. It is particularly useful in environments that support multiple login methods. Enter the appropriate ACR value as defined by your identity provider’s configuration. This field must match a supported authentication context set up within the identity provider to ensure a successful login flow.

 

Display

 

 

Token Expiry Time (in hours)

The Token Expiry Time is the period during which a security token, such as an access token or session token, remains valid for authentication or authorization purposes. Enter the Token Expiry Time here in hours.

 

Callback URL

After you add the OIDC Identity Provider, the Callback URL section appears when you edit that identity provider. This callback URL helps customers by redirecting them to the ePRINTit SaaS portal.

 

Custom Values

The Custom Values field allows administrators to define additional key-value pairs that are sent as part of the authentication request to the OIDC (OpenID Connect) identity provider. These values provide extra flexibility for customizing the authentication journey and meeting specific requirements.
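The following added example (not ePRINTit's backend code) shows how the Alternative Authorization Endpoint override, Additional Scopes, ACR Values and Custom Values described above could combine into one OIDC authorization request. The discovery document, client ID and URLs are constructed samples; the https check and the reserved-parameter check are assumptions of this example, not documented product behaviour.

```python
from urllib.parse import urlencode, urlsplit

# Constructed sample discovery document (normally fetched from the IdP).
DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
}

# Protocol parameters that custom values must not replace (assumed hardening).
RESERVED = {"client_id", "redirect_uri", "response_type", "scope",
            "state", "nonce", "acr_values"}


def effective_authorization_endpoint(discovery, alternative=None):
    """Use the alternative endpoint when populated, else the discovered one."""
    endpoint = (alternative or "").strip() or discovery["authorization_endpoint"]
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"authorization endpoint must be an https URL: {endpoint!r}")
    return endpoint


def build_authorization_url(discovery, client_id, redirect_uri, state, nonce,
                            alternative=None, additional_scopes=(),
                            acr_values=None, custom_values=None):
    """Build the authorization request; the client secret is never part of it."""
    custom_values = dict(custom_values or {})
    clash = RESERVED & set(custom_values)
    if clash:
        raise ValueError(f"custom values may not override: {sorted(clash)}")
    # "openid" is mandatory for OIDC; each additional scope is appended once.
    extra = [s for s in dict.fromkeys(additional_scopes) if s != "openid"]
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(["openid"] + extra),
        "state": state,
        "nonce": nonce,
    }
    if acr_values:
        params["acr_values"] = acr_values
    params.update(custom_values)
    endpoint = effective_authorization_endpoint(discovery, alternative)
    sep = "&" if urlsplit(endpoint).query else "?"
    return f"{endpoint}{sep}{urlencode(params)}"
```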

 

Mapping field

A mapping field is a term commonly used in data integration and transformation. It typically refers to a data field that links or associates data from one source to a corresponding field in another source. There are multiple dropdowns here. From these dropdowns, select the mapping variables. The mapping values are the data within a mapping field that connect or associate data from one source with its counterpart in another source, facilitating data integration and transformation. There are multiple dropdowns here as well. From these dropdowns, select the mapping values.
