
This page documents how to integrate an Identity Provider (IdP) with Unique's authentication system, enabling a seamless and secure SSO experience for users. Unique uses Zitadel as its Identity and Access Management (IAM) solution, and various IdPs can be connected to it to allow users to log in via Single Sign-On.

...

Microsoft Entra ID (OIDC)

...

Create an app registration

An App Registration needs to be created in Microsoft Azure. This can be done in Azure under App registrations > New registrations.

...

Info

Redirect URL is environment specific

  • Multitenant

    • https://id.unique.app/ui/login/login/externalidp/callback

  • Single tenant

    • https://id.<your-tenant-name>.unique.app/ui/login/login/externalidp/callback

  • Customer managed tenant

    • https://<custom-unique-zitadel-url>/ui/login/login/externalidp/callback

Authentication

After the app registration has been created, navigate to the “Authentication” section and make sure the “ID tokens” setting is selected. This ensures that an ID token is issued and sent along when a user logs in to Unique via SSO.

...

Token configuration

Next, navigate to the “Token configuration” section and add the necessary claims to the token. This ensures that the needed claims are sent on the ID token.

If you want to be able to sync your user groups from Azure to Unique, make sure to also add the groups claim as shown in the second screenshot below. What kind of groups you include on the groups claim is ultimately up to you. Unique recommends including only the groups assigned to the application, in order to have more control over which groups are synced and to avoid exceeding the limit on the number of groups that can be included on the ID token.
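To see whether the ID token Entra ID actually issues carries the groups claim, or only an overage pointer because the group limit was exceeded, a small inspection helper is useful during setup. This is an added example, not Unique's or Zitadel's code; it assumes Entra ID's documented behaviour of emitting at most 200 group IDs in a JWT and an `_claim_names`/`_claim_sources` overage indicator above that, and it only decodes the token (Zitadel does signature verification on the real login path).

```python
import base64
import json

# Assumption (Microsoft-documented behaviour): Entra ID puts at most this many
# group IDs into a JWT; above it the groups are replaced by an overage pointer.
ENTRA_JWT_GROUP_LIMIT = 200


def _b64url_decode(segment):
    # JWT segments drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(token):
    """Return the claims of a compact JWT WITHOUT verifying the signature.

    Only for inspecting which claims Entra ID emitted while setting up SSO;
    signature, issuer and expiry checks happen in Zitadel on the login path."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    return json.loads(_b64url_decode(parts[1]))


def check_id_token(token, expected_client_id):
    """Return a list of findings for an Entra ID token intended for Unique SSO."""
    claims = decode_payload(token)
    findings = []
    # An ID token's audience is the app registration's application (client) ID.
    if claims.get("aud") != expected_client_id:
        findings.append("aud does not match the app registration client ID")
    if "groups" in claims.get("_claim_names", {}):
        findings.append("groups overage: token carries a Graph pointer instead of "
                        "group IDs; restrict the claim to groups assigned to the app")
    elif "groups" not in claims:
        findings.append("no groups claim on the ID token: group sync will not work")
    elif len(claims["groups"]) > ENTRA_JWT_GROUP_LIMIT:
        findings.append(f"more than {ENTRA_JWT_GROUP_LIMIT} groups on the token")
    return findings


def build_sample_token(claims):
    """Constructed, unsigned sample token for local testing only (dummy signature)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.dummy-signature"
```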

...

Certificates & secrets

After the application has been registered and configured, create a client secret by navigating to “Certificates & secrets” and copy the value of the secret. The secret is only visible once and is needed in order to set up SSO with Unique.

...

Required information for setting up SSO

Now all the information required to set up SSO for the Unique solution using Microsoft Entra ID (OIDC) is available.

...

If you are running on a Unique managed environment (Multi- or Single-tenant), then this is all you need. Provide these values to Unique through a secure channel (the client secret is a sensitive credential) and Unique will take care of enabling SSO for your organization.

...

Zitadel is able to connect to any identity provider that supports SAML. SAML can even be used in a closed network not available from the internet.

Prerequisites

You need to register a new client with your SAML provider and provide us with either the Metadata URL or the Metadata XML. In case of an internal network not reachable from the internet only the Metadata XML is possible.

...