Generic OIDC SSO configuration

Only workspace administrators can configure SSO.

Read these documents to learn how to configure an integration with a specific OIDC provider:

Generic OIDC SSO configuration

Enabling an OIDC-compliant identity provider requires configuring an application with that provider. Follow these steps for general configuration rules.

The user MUST have the email address set in the SSO provider as it's required by Buddy for identification.
  1. Sign in to your Buddy workspace as an administrator, go to Workspace SettingsSSO, and switch to the Open ID connect tab.

    Alternatively, use these links for cloud and on-premises versions:

     https://app.buddy.works.com/WORKSPACE_URL_HANDLE/workspace/sso
     https://INSTANCE_URL/WORKSPACE_URL_HANDLE/workspace/sso
  2. In another tab, sign in to your OIDC provider and create a new app.
  3. Configure the application details:

    • copy and paste the Callback URL from Buddy as callback/redirection URI/URL
    • make sure to set the email address as the sign-in/register method
  4. Once configured, find these values in the application and set them in Buddy:

    • Client ID
    • Client secret
    • Issuer URL

Workspace SSO configurationWorkspace SSO configuration

  1. Click Test configuration and enable the SSO on success. Buddy will redirect you to the SSO provider's login page.
  2. Sign in to authenticate and enable SSO in your workspace.
If Buddy is unable to connect to the identity provider, make sure that both the signature and the digest methods match those used by the provider (some providers do not use the most popular RSA-SHA256 / SHA256 methods).

Last modified on May 29, 2023

Get Started

Sign up for free and deploy your project in less than 10 minutes.