Tested/supported SSOs

• Keycloak
• Okta
• Authentik
• PingID
• MS Entra: it will be supported since XorMon 2.1

Parameters

• Server:
  Enter the base URL of your OpenID Connect Identity Access Manager (IAM).
  This is usually your Keycloak, Okta, or another OIDC IdP server endpoint.
  
  
• Client ID:
  The identifier registered with your IdP for XorMon.
  It allows the IdP to recognize XorMon as a valid client.
  
  
• Client Secret:
  A secret (password) associated with the Client ID.
  
  
• User Info Role Property:
  Defines where in the IdP user claims the role information is located.
  XorMon uses this to assign roles/permissions to authenticated users.
  
  
• Test:
  After a configuration is saved, the test button will perform OIDC login and display user info.
  
  
• Trusted CA (Certificate Authority):
  Allows you to upload intermediate CA certificates.
  This is required if your IAM uses a self-signed or private CA certificate.
  
  

For SSO to work, the IAM must be configured properly before XorMon can connect:

• In your IdP admin console, register a new OIDC client/application for XorMon
• Provide Redirect URI / Callback URL → this must point back to XorMon
• https://<xormon-server>/api/oidc/v1/* if wildcards are allowed
• Otherwise https://<xormon-server>/api/oidc/v1/roles for test and https://<xormon-server>/api/oidc/v1/login for login
• Ensure the IdP exposes a UserInfo endpoint
• Define which roles or groups will be passed to XorMon in User Info, these will be looked up by above "User Info Role Property" path from JWT