Open ID Connect (OIDC)
The OIDC login provider uses the OpenID Connect (OIDC) authorization code flow to authenticate a user. All OIDC compliant identity providers (IdP) are supported, this includes Keycloak, Microsoft Azure, Google.
Backchannel logout
If the OIDC provider supports backchannel logout, Studo Flow also supports it. The IdP must be configured to send backchannel logout requests to the Studo Flow backchannel logout endpoint:
https://<your-flow-domain>/oidc/backChannelLogout
Limitations
All users who log in via the OIDC login provider must already exist in the Studo Flow database (created by an importer). Currently, it's not possible to create a user "on-demand" when logging in.
Using Keycloak
See Keycloak example.
Using CAMPUSonline
Every CAMPUSonline deployment has a Keycloak instance.