Skip to main content

Open ID Connect (OIDC)

The OIDC login provider uses the OpenID Connect (OIDC) authorization code flow to authenticate a user. All OIDC compliant identity providers (IdP) are supported, this includes Keycloak, Microsoft Azure, Google.

Backchannel logout

If the OIDC provider supports backchannel logout, Studo Flow also supports it. The IdP must be configured to send backchannel logout requests to the Studo Flow backchannel logout endpoint:

https://<your-flow-domain>/oidc/backChannelLogout

Limitations

All users who log in via the OIDC login provider must already exist in the Studo Flow database (created by an importer). Currently, it's not possible to create a user "on-demand" when logging in.

Using Keycloak

See Keycloak example.

Using CAMPUSonline

Every CAMPUSonline deployment has a Keycloak instance.