Use OpenID-based External Identity Providers
B2C Service supports the use of OpenID Connect (OIDC) external identity providers for single sign-on authorization for agents.
OpenID Connect (OIDC) is a widely used authorization protocol based on JSON and OAuth 2.0 standards. OIDC support lets administrators define and manage OIDC providers on the Agent Browser UI.
Using OIDC has these benefits:
- Agents have seamless access to B2C Service.
- OIDC eliminates the need for multiple credentials. Agents can log in to B2C Service using their credentials with popular OIDC providers.
- OIDC can be used for web single sign-on.
- A single logout terminates the session, regardless of where the logout originates.
- Unlike SAML, OIDC is lightweight and can be used on mobile platforms.
You perform these tasks to set up OIDC:
- Register B2C Service with the OpenID Connect Provider.
- Define the OpenID Connect Provider in B2C Service.
OIDC authorization uses this process:
- An agent tries to log in to B2C Service.
- B2C Service sends an authorization code request to the OIDC provider.
- The OIDC provider challenges the user for their credentials. This is usually performed on a login page.
- If the agent logs in successfully, or is already logged in to the OIDC identity provider, the OIDC provider returns an authorization code to B2C Service.
- B2C Service sends an identity (ID) token request to the OIDC provider using the obtained authorization code.
- The OIDC provider issues the ID token.
- B2C Service creates a user session using the ID token.