OpenID Connect

OIDC (OpenID Connect) is an authentication and authorization protocol based on the OAuth 2.0 protocol. It extends OAuth 2.0 to provide a standardized way for identities to enable users to authenticate with third-party applications and authorize those applications to access protected resources.

Raysync oidc authentication implements back-end communication with IDP. Its function is similar to the traditional OAuth process, and it interacts with the Raysync web application to obtain the access token through the traditional OAuth access token method. During this process, the IDP provider does not send user details, but a special one-time code that Raysync Web Services can exchange for an OAuth access token. In addition to the one-time code, this exchange needs to include the client ID and client secret, just like the traditional OAuth 2.0 flow. This token is invisible through the browser and enables Raysync services to authenticate between IDP services.

If you already have your own enterprise management system, you can log in to Raysync using your enterprise management system account.

1. OKTA Login

1.1 Create OKTA app

1) Log in to your okta management page, find Applications in the left menu bar, and click Create APP Integration

2) On the pop-up page, select Sign-in method: OIDC - OpenID Connect, and select Application type: Web Application. After completing the selection, click Next

3) Fill in the application information, please make sure the address is accurate

Function Description
App integration name App integration name
Client acting on behalf of a user Authorization Code 
Sign-in redirect URIs

redirect URIs:Your Raysync user portal url + /api/user/oidc/callback.  For example: https://{{RAYSYNC_DOMAIN:8091}}/api/user/oidc/callback

 

4) Set the Assignments. The default selection is as follows. All users running okta. Click Save after completing the selection.

 

1.2 Get OKTA application information

1) Click on the created APP

2)Get the Client ID、Client Secret

3) In the left menu bar, select API under Security and enter

4) Click on the picture to enter the configuration information of okta

5) Get the Issuer 

6) According to the issuer, obtain the configuration information address of idp. The conversion address is such as: {{issuer}}/.well-known/openid-configuration. After the conversion is completed, enter the address in the browser.

7) From the json information obtained in step 6, obtain authorization_endpoint, token_endpoint, userinfo_endpoint

1.3 Fill in OKTA  APP information into Raysync 

Fill in the above information into the oidc authentication configuration of the Raysync admin portal and click Save

Click Test Connection. If you successfully jump to OKTA's login page, the configuration is successful. After successful configuration, users can use their OKTA account to log in to Raysync user portal.

 

2. OneLogin Login

2. 1 Create OneLogin app

1) Login into your management page, click on the upper navigation bar , Applications > Add App

 

2) Search for "OpenId Connect" or "oidc" and select Open Connect (OIDC)

3) Enter a name for the application and click Save

4) In the Configuration tab, configure the application information, make sure the address is accurate, and click Save

Function Description
Login Url

Your Raysync user portal url

https://{{RAYSYNC_DOMAIN:8091}}

Redirect URI's

Your Raysync user portal url + api/user/oidc/callback 

https://{{RAYSYNC_DOMAIN:8091}}/api/user/oidc/callback 

Post Logout Redirect URI's

Your Raysync user portal url

 https://{{RAYSYNC_DOMAIN:8091}}

5) In the SSO tab, select Web for Application Type; select POST as the token endpoint for Authentication Method, and click Save

6) Add users to the application

Click the navigation bar Users > Users, then select a user and click to enter

Click Application and add

Select the application you want to add and click Save

 

2.2 Get OneLogin application information

1) Click to enter the app

2) Click SSO , get Client ID and Client Secret

3) Get IssuerURL

Click "Well-known Configuration" to get authorization_endpoint, token_endpoint, userinfo_endpoint

 

2.3 Fill in the OneLogin APP information into Raysync

After saving, click Test Connection. If you jump to the Onelogin login page, the configuration is successful. After successful configuration, users can use their Onelogin account to log in to Raysync user portal.

3  Google Login

3.1 Create Google credentials

1) Log in to google console https://console.cloud.google.com

2) Click API & Services

 

 

3) Click Credentials > Create Credentials

 

4) Select OAuth client ID

 

5) Select application type: Web application

 

 

6) Fill in Authorized JavaScript origins and Authorized redirect URIs

 

 

Function Description
Authorized JavaScript origins

Your Raysync user portal url. The address must use a top-level domain name

https://{{RAYSYNC Top-level domain:8091}}

Authorized redirect URIs

Your Raysync user portal url + /api/user/oidc/callback

https://{{RAYSYNC Top-level domain:8091}}/api/user/oidc/callback

 

Click Create

 

7) Download  json file or click to enter your Client to obtain your Client ID and Client secret

 

 

 

 

3.2 Fill in Google credentials information into Raysync

Log in to the Raysync admin portal , User--User integration--Third-party login auth--OpenID Connect

1) Open the help document

https://accounts.google.com/.well-known/openid-configuration

Get Issuer URL、Authorization Endpoint、Token Endpoint 、Userinfo Endpoint

 

 

 

2) Fill in the configuration information and save

 

4) Click Test Connection

 

 

If you jump to the Google login page, the configuration is successful.

After successful configuration, users can use their Google account to log in to Raysync user portal.

 

By continuing to use this site, you agree to the use of cookies.