Use OpenID-based External Identity Providers

B2C Service supports OpenID Connect (OIDC) external identity providers for agent single sign-on.

OpenID Connect (OIDC) is a widely used identity protocol built on the OAuth 2.0 and JSON standards. OIDC support lets administrators define and manage OIDC providers in the Agent Browser UI.

Using OIDC has these benefits:

  • Agents have seamless access to B2C Service.
  • OIDC eliminates the need for multiple credentials. Agents can log in to B2C Service using their existing credentials with popular OIDC providers.
  • OIDC can be used for web single sign-on.
  • A single logout terminates the session, regardless of where the logout originates.
  • Unlike SAML, OIDC is lightweight and can be used on mobile platforms.

You perform these tasks to set up OIDC:

  1. Register B2C Service with the OpenID Connect Provider.
  2. Define the OpenID Connect Provider in B2C Service.

OIDC authorization uses this process:

  1. An agent tries to log in to B2C Service.
  2. B2C Service sends an authorization code request to the OIDC provider.
  3. The OIDC provider challenges the agent for their credentials. This is usually done on a login page.
  4. If the agent logs in successfully, or is already logged in to the OIDC identity provider, the OIDC provider returns an authorization code to B2C Service.
  5. B2C Service sends an identity (ID) token request to the OIDC provider using the obtained authorization code.
  6. The OIDC provider issues the ID token.
  7. B2C Service creates a user session using the ID token.
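The seven-step exchange above, as an added Python example that is not Oracle's code: both sides are simulated in-process with hypothetical endpoints and a constructed HS256 client secret (a production provider usually signs ID tokens with RS256 and publishes its keys), and the B2C Service side shows the checks that bind the returned ID token to the login that requested it (state, nonce, issuer, audience, expiry and signature) before a session is created.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://idp.example.com"                       # hypothetical provider; the page names none
CLIENT_ID, REDIRECT_URI = "b2c-service-client", "https://b2c.example.com/oidc/callback"  # assumed registration values
CLIENT_SECRET = b"constructed-shared-secret"             # HS256 key for this simulation only
_provider_codes = {}                                     # constructed provider state: code -> nonce
def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_authorization_request(state: str, nonce: str) -> str:
    """Step 2: send the agent to the provider with a fresh state and nonce bound to this login."""
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid email", "state": state, "nonce": nonce}
    return f"{ISSUER}/authorize?{urlencode(params)}"

def provider_authorize(auth_url: str) -> str:
    """Steps 3-4 simulated: after the agent logs in, the provider redirects back with a code."""
    q = parse_qs(urlparse(auth_url).query)
    code = secrets.token_urlsafe(16)
    _provider_codes[code] = q["nonce"][0]
    return f"{q['redirect_uri'][0]}?{urlencode({'code': code, 'state': q['state'][0]})}"

def provider_token(code: str) -> str:
    """Steps 5-6 simulated: the single-use code is exchanged for a signed ID token."""
    nonce = _provider_codes.pop(code)                    # KeyError if unknown or already redeemed
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "agent42", "nonce": nonce, "exp": int(time.time()) + 300}
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def validate_id_token(token: str, expected_nonce: str) -> dict:
    """Step 7: verify signature and claims before any session is created; raise on mismatch."""
    header, body, sig = token.split(".")
    expected = hmac.new(CLIENT_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    for name, want in (("iss", ISSUER), ("aud", CLIENT_ID), ("nonce", expected_nonce)):
        if claims.get(name) != want:
            raise ValueError(f"{name} mismatch")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    return claims

def handle_callback(callback_url: str, session: dict) -> dict:
    """Steps 4-7 on the B2C Service side: check state, redeem the code, validate the ID token."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch (callback not tied to this browser session)")
    return validate_id_token(provider_token(q["code"][0]), session["nonce"])
```

A replayed callback fails at the code exchange (the code was already redeemed), and a callback carrying another session's state or a token minted for a different nonce fails before any session is created.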