OIDC

Configuring SSO using OIDC

Tellius supports secure Single Sign-On (SSO) via OpenID Connect (OIDC), allowing users to seamlessly log in using an external identity provider (IdP) such as Okta, Google, or Azure AD.

Under Settings → Security → Authentication → OIDC, provide the following details:

1. Client ID: Unique identifier assigned to the Tellius application within your IdP. It allows Tellius to recognize itself when communicating with the IdP.

2. Client Secret: A secret key provided by the IdP for authenticating Tellius.

3. Discovery Document URI: The endpoint where Tellius retrieves metadata about the IdP's configuration, such as token endpoints and supported claims.

4. Redirect URL: The URL where the IdP will redirect users after successful authentication. This must match what you configure in your IdP. Format: https://<TELLIUS_HOST>/oidc_callback.

5. Default user role: Role to be assigned to users who sign in via OIDC for the first time.

6. Once these fields are filled, click on Save button to apply your configuration.

7. After successful setup, users navigating to Tellius will be redirected to the IdP’s login screen.

8. Once authenticated, they are redirected back to Tellius and automatically signed in.

9. If a user logs in for the first time, an account is auto-provisioned using the user details from the IdP (depending on the mapped claims).