OIDC SSO Setup and Configuration


This feature is available in the Enterprise and On-premise versions.

Configuring OIDC SSO in GitFlic

Refer to the documentation of your authorization service to learn how to set up a basic connection. When configuring the connection to GitFlic, use one of the following Redirect URL values:

  • If using Standard Flow: {base.url}/oidc/callback
  • If using Implicit Flow: {base.url}/oidc/callback/implicit

Configuration When Using Standard Flow

On the OIDC connection setup page, you need to specify the following data obtained from your authorization service: Client ID, Client Secret, and Configuration URL.

Client ID and Client Secret should be taken from the settings of your client application created in the authorization service. The Configuration URL is usually found in the service settings, as it is generally static.

Important! A user who authenticates via OIDC must have an email address and a unique username.

When using Standard Flow, be sure to specify the connection type to the authorization service in the Client Authenticator field.

Configuration When Using JWT with or without Client Secret

The Signed JWT connection uses a JWT that the authorization service requests from GitFlic. The authorization service can obtain the JWT for the connection at {base.url}/oidc/discovery/keys; specify this endpoint in the jwks_uri field of your authorization service.

If you use the JWT with Client Secret policy, you need to specify this policy in your authorization service, as well as fill in the Client Secret field in the OIDC connection settings of GitFlic.

Configuration When Using Implicit Flow

When Implicit Flow is enabled, any Secret or JWT will be ignored, because Implicit Flow obtains an Access Token using only the Client ID. Synchronization of information is unavailable since there is no support for a Refresh Token. Entering the Client Secret is optional.
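
A pre-flight check for the three modes described above (Standard Flow, the JWT client authenticators, Implicit Flow), as an added example that is not GitFlic's code. It assumes the Configuration URL returns a standard OIDC discovery document and that the page's JWT connection types correspond to the private_key_jwt and client_secret_jwt methods; the discovery document and host names are constructed.

```python
import json

# Constructed sample of what a provider's Configuration URL might return
# (assumed to be an OIDC discovery document); every value is a placeholder.
DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.test",
  "jwks_uri": "https://idp.example.test/certs",
  "response_types_supported": ["code", "id_token token"],
  "grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"]
}""")

# Assumption: the page's JWT connection types map to these standard OIDC
# client authentication method names.
AUTH_METHODS = {"signed_jwt": "private_key_jwt",
                "jwt_with_client_secret": "client_secret_jwt"}
CALLBACKS = {"standard": "/oidc/callback", "implicit": "/oidc/callback/implicit"}

def redirect_url(base_url, flow):
    """Redirect URL to register at the provider for the chosen flow."""
    return base_url.rstrip("/") + CALLBACKS[flow]

def preflight(discovery, base_url, flow, authenticator=None, sync=False):
    """Return a list of problems; an empty list means the plan is consistent."""
    if flow not in CALLBACKS:
        raise ValueError(f"unknown flow: {flow}")
    problems = []
    if not base_url.startswith("https://"):
        problems.append("base URL is not HTTPS")
    response_types = discovery.get("response_types_supported", [])
    if flow == "standard":
        if "code" not in response_types:
            problems.append("provider does not advertise response type 'code'")
        # OIDC Discovery default when the field is omitted: client_secret_basic
        offered = discovery.get("token_endpoint_auth_methods_supported",
                                ["client_secret_basic"])
        wanted = AUTH_METHODS.get(authenticator)
        if wanted and wanted not in offered:
            problems.append(f"provider does not advertise {wanted}")
    else:  # implicit: an access token is returned directly, no refresh token
        if not any("token" in rt.split() for rt in response_types):
            problems.append("provider does not advertise an implicit response type")
        if sync:
            problems.append("synchronization is unavailable with Implicit Flow")
        if authenticator:
            problems.append("Secret/JWT settings are ignored with Implicit Flow")
    return problems
```
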

Additional Connection Settings

When synchronization is enabled, user data will be updated once a day.

When login change is allowed, users who have authorized through OIDC will be able to change their username in GitFlic.

Automated translation!

This page was translated using automatic translation tools. The text may contain inaccuracies.