OpenID Connect

Configure Pureservice authentication with OpenID Connect

*The setup required outside of Pureservice is recommended to be done by someone with relevant knowledge to avoid misconfiguration. Pureservice Support may be able to assist, but this part of the setup is your own responsibility.

Configuring Azure

1. Log in to Azure, navigate to “Azure Active Directory” and “App Registrations”.
2. To create a new Application, select “New registration”.
   1. Give it a relevant name
   2. Enter the reply URL for your Pureservice as the Redirect URI, this can be found in Pureservice Administrator settings -> Security -> Authentication -> Either Agent or End user authentication -> Set type to OpenID Connect and copy the URL after Use the following reply URL:.
   3. Click “Register”
3. Go to “Certificates & secrets” and create a new “Client secret”. The key will be shown only once after saving, so make sure you copy it to the clipboard and save it for later in the setup!

*When setting up both Agent and End user authentication for your Pureservice, then the other Redirect URI need to be added after the creation of the app. This is found in the “Authentication” settings for the app.

Configuring Pureservice

1. Go to the Pureservice Agent Console and open the Administrator, go to Security -> Authentication and select the relevant site (Agent authentication for the Agent Console and Enduser authentication for Selfservice)
2. Set the Type to “OpenID Connect”
3. Set the Configuration Type to “Automatic discovery”
4. Set the Server URL. This is “https://login.microsoftonline.com/Directory (tenant) ID/v2.0”
   1. The “Directory (tenant) ID” can be found in the Application’s settings/properties (Overview) site in Azure
   2. Example URL: https://login.microsoftonline.com/a1111111-b222-c333-e444-f55555555555/v2.0/
5. Set the Client ID to the same as “Application (client) ID” this can be found in the Application’s settings/properties (Overview) site in Azure
6. Set the Client secret to the same key that was generated earlier
7. Set the Claim key you want
   1. Example can the following Claim key be used for mail in Pureservice:
      email
   2. Example can the following Claim key be used for username in Pureservice:
      preferred_username
8. Set the Scope wanted. This may vary depending on setup.
   1. Example this works for Azure:
      openid profile email
9. Leave the Resource field blank
10. Optional: Enable Bypass SSO. This will allow users to log in “manually” with their Pureservice usernames and passwords while also having the option of using the OpenID Connect Single SignOn.