Configuring Open ID Connect

Introduction

Note: This feature needs to be unlocked for your account. If you are interested, please contact support@frisbii.com.

OpenID Connect is based on the OAuth 2.0 framework and enables third-party applications to verify the identity of end users and receive basic user profile information. OpenID Connect uses JSON Web Tokens (JWTs), which you can receive in data flows that conform to the OAuth 2.0 specifications.

Connecting identity provider

Note: To use the single sign-on mechanism, use the URL provided in the Open Id Connect settings in Frisbii Transform.

  1. To get to the 3rd party integrations, click on your email address > Settings in the top right corner.

  2. In the Frisbii APPS section, click 3rd Party Integrations.

  3. In the Open Id Connect row, click the edit icon.

  4. Fill in the required fields.

  5. Click Save.

  6. When Open Id Connect is configured successfully, activate the checkbox.

  7. Click Save.

| Field | Description |
|---|---|
| Authority | realm URL of the identity provider |
| OIDC Settings Client ID | OIDC settings for Client ID from the identity provider for authorization |
| External Login Client ID | Client ID from the identity provider for authorization |
| Client Secret | Client Secret from the identity provider for authorization |
| Scope | identifiers for resources to access |
| External Role Assignments Strategy | Strategy for role assignment |

External Role Assignments Strategy

The external role assignment strategy has to be configured in the 3rd Party Integrations in Frisbii Transform. To assign roles of Frisbii Transform by the identity provider, the claims need to be set in the identity provider.

Note: The token claim name cannot be customized.

External Role Assignments Strategy: No external role assignments

  Description: Roles provided by Identity Provider are not taken into account. Roles can be assigned by admin or during user invitation.

External Role Assignments Strategy: One role for all legal entities

  Description: Roles provided by Identity Provider are assigned. Roles cannot be assigned by admin or during user invitation.

  Claims: The assignment is done by using custom claims.

  • Token claim name: "roles:Frisbii Transform"

  • Token claim value: "{RoleName}"

  Note: You can combine roles by separating the role names with two hashtags.

  Example:

  "roles:Frisbii Transform":"Finance"

  "roles:Frisbii Transform":"Finance##Products"

  • Token claim name: "extn.tenant_id"

  • Token claim value: "{ExternalEntityId}"

  Example:

  "extn.tenant_id":"64c6db2dd86a3dc43db81cf6"

External Role Assignments Strategy: Role per legal entity

  Note: Only available with the multi tenant feature in combination with Open Id Connect.

  Description: Roles provided by Identity Provider are assigned. Roles cannot be assigned by admin or during user invitation.

  Claims: The assignment is done by using custom claims. The claim must contain the entity Id.

  • Token claim name: "roles:Frisbii Transform"

  • Token claim value: "{RoleName}:{ExternalEntityId}"

  Note: You can combine roles by separating the role names with two hashtags.

  Example:

  "roles:Frisbii Transform":"Finance:62c6db2da85a7dc43db81cf6"

Role names

The role name must be used in the claim to assign the corresponding role.

| Role name | Role |
|---|---|
| Admin | Admin |
| Operations | Operations |
| Finance | Finance |
| Products | Products |
| ReadOnlyOperations | ReadOnlyOperations |
| Reports | Reports |
| Templates | Templates |
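
A pre-flight check for the claim format described above, as an added example that is not part of the Frisbii documentation or product code: it parses the "roles:Frisbii Transform" value for both strategies and reports role names that are not in the Role names table, so a mistyped or unexpected role is caught before the integration is activated. The function name check_role_claims, the exact-match rule for role names, and the per-element entity ID in combined per-entity values are assumptions.

```python
# Added example, not Frisbii code: checks decoded token claims against the
# claim format documented on this page before the integration is activated.
ROLE_CLAIM = "roles:Frisbii Transform"
TENANT_CLAIM = "extn.tenant_id"
ROLE_NAMES = {"Admin", "Operations", "Finance", "Products",
              "ReadOnlyOperations", "Reports", "Templates"}


def check_role_claims(claims, per_entity=False):
    """Return (assignments, errors) for a dict of decoded token claims.

    per_entity=False: "One role for all legal entities", value "{RoleName}",
                      entity read from the "extn.tenant_id" claim if present.
    per_entity=True:  "Role per legal entity", "{RoleName}:{ExternalEntityId}".
    Assumptions: in per-entity mode each "##"-separated element carries its
    own entity ID, and role names must match the table exactly.
    """
    value = claims.get(ROLE_CLAIM)
    if not isinstance(value, str) or not value:
        return [], [f'claim "{ROLE_CLAIM}" is missing or not a string']
    assignments, errors = [], []
    for element in value.split("##"):
        if per_entity:
            role, sep, entity = element.partition(":")
            if not sep or not entity:
                errors.append(f'"{element}": expected RoleName:ExternalEntityId')
                continue
        else:
            role, entity = element, claims.get(TENANT_CLAIM)
        if role not in ROLE_NAMES:
            errors.append(f'"{role}": not a documented role name')
            continue
        assignments.append((role, entity))
    return assignments, errors


if __name__ == "__main__":
    # Constructed sample claims, built from the example values on this page.
    samples = [
        ({ROLE_CLAIM: "Finance##Products",
          TENANT_CLAIM: "64c6db2dd86a3dc43db81cf6"}, False),
        ({ROLE_CLAIM: "Finance:62c6db2da85a7dc43db81cf6"}, True),
        ({ROLE_CLAIM: "finance##Admin"}, False),  # wrong case is reported
    ]
    for claims, per_entity in samples:
        print(check_role_claims(claims, per_entity))
```

Run it against the decoded payload of a test token from your identity provider; any entry in the error list means the claim does not match the format this page documents.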