The Role of OIDC (OpenID Connect) in User Authentication

OpenID Connect (OIDC) is a modern authentication protocol built on top of OAuth 2.0. Integrating Invariant Technology with an OIDC-compliant Identity Provider (IdP) such as Okta, Azure AD, Auth0, or others offers significant advantages for user management and security.

Why Use OIDC with Invariant?

  • Single Sign-On (SSO): Users can log in to Invariant using the same credentials they use for other corporate applications connected to your IdP. This simplifies the user experience (fewer passwords to remember) and reduces password fatigue.
  • Centralized Identity Management: User identities are managed by your organization's central IdP. This means:
    • Consistent Policies: Password complexity, multi-factor authentication (MFA), and account lockout policies are enforced by your IdP, ensuring consistency across applications.
    • Simplified Onboarding/Offboarding: When an employee joins or leaves your organization, their access to Invariant (and other connected applications) can be managed centrally through the IdP. Disabling an account in the IdP typically revokes access everywhere.
  • Enhanced Security:
    • Leverages the robust security features of your IdP (e.g., MFA, conditional access policies).
    • Reduces the risk associated with users managing separate, potentially weaker, passwords for Invariant.
    • Reduces Invariant's direct involvement in password storage and management for those users.

How OIDC Changes the Login Experience:

When OIDC is configured and set as a login method:

  1. A user attempting to log into Invariant is redirected to your IdP's login page.
  2. The user authenticates with their IdP credentials (and MFA, if configured).
  3. Upon successful authentication, the IdP redirects the user back to Invariant, asserting their identity.
  4. Invariant grants access based on this validated identity.

For users authenticating via OIDC, Invariant's native password policies become less relevant, as password management is handled by the external IdP. Understanding OIDC is key to leveraging modern, secure authentication within your Invariant workspace.

======

Invariant provides Single Sign-On (SSO) via OIDC so that customers can access the app through a single authentication source. This allows IT administrators to better manage team access and keeps information more secure.

What is SSO?

Who can use SSO?

Set Up SSO

Step-by-Step Instructions:

Step 1: Navigate to the login page and select the "Login with [Identity Provider]" option.
Step 2: You will be redirected to the identity provider's login page. Enter your credentials (e.g., email and password).
Step 3: If multi-factor authentication (MFA) is enabled, complete the additional verification steps.
Step 4: Review and consent to any requested permissions (e.g., access to your email or profile information).
Step 5: After successful authentication, you will be redirected back to the application and logged in.

Troubleshooting Tips:

  • What to do if login fails (e.g., check credentials, ensure MFA is set up correctly).
  • How to handle issues with permissions or consent.

Security Notes:

  • Emphasize the importance of using a trusted identity provider.
  • Highlight the use of secure tokens for session management.

Visual Aids:

How do I reset my password with OIDC?