Single Sign On

Tested/supported SSOs
  • Keycloak
  • Okta


Parameters
  • Server:
    Enter the base URL of your OpenID Connect Identity and Access Manager (IAM).
    This is usually your Keycloak, Okta, or another OIDC IdP server endpoint.

  • Client ID:
    The identifier registered with your IdP for XorMon.
    It allows the IdP to recognize XorMon as a valid client.

  • Client Secret:
    A secret (password) associated with the Client ID.

  • User Info Role Property:
    Defines where in the IdP user claims the role information is located.
    XorMon uses this to assign roles/permissions to authenticated users.

  • Test:
    After the configuration is saved, the Test button performs an OIDC login and displays the user info.

  • Trusted CA (Certificate Authority):
    Allows you to upload intermediate CA certificates.
    This is required if your IAM uses a self-signed or private CA certificate.

For SSO to work, the IAM must be configured properly before XorMon can connect:
  • In your IdP admin console, register a new OIDC client/application for XorMon
  • Provide Redirect URI / Callback URL → this must point back to XorMon
    • https://<xormon-server>/api/oidc/v1/* if wildcards are allowed
    • Otherwise https://<xormon-server>/api/oidc/v1/roles for test and https://<xormon-server>/api/oidc/v1/login for login
  • Ensure the IdP exposes a UserInfo endpoint
  • Define which roles or groups will be passed to XorMon in User Info. XorMon looks these up in the JWT using the "User Info Role Property" path described above.
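
To check which path belongs in "User Info Role Property" before saving the configuration, the following added example (not XorMon's own code) decodes a token payload and resolves a role path against it. It assumes a dot-separated path syntax, which this page does not specify; the sample claims and role names are constructed.

```python
import base64
import json


def decode_jwt_payload(token):
    """Decode the payload segment of a compact JWT for inspection only.

    No signature verification is done here; use it to look at claims,
    never to make an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated JWT segments")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    payload = json.loads(base64.urlsafe_b64decode(seg))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return payload


def resolve_roles(claims, path):
    """Walk a dotted path (assumed syntax) through the claims.

    Returns [] when any step is missing, so an absent or misnamed
    claim yields no roles instead of an error or a default role.
    """
    node = claims
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return []
        node = node[key]
    if isinstance(node, str):
        return [node]
    if isinstance(node, list):
        return [r for r in node if isinstance(r, str)]
    return []


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: nested realm roles (Keycloak-style) and a flat group list.
SAMPLE_CLAIMS = {
    "sub": "user-1",
    "realm_access": {"roles": ["xormon-admin", "offline_access"]},
    "groups": ["xormon-readonly"],
}
SAMPLE_TOKEN = ".".join(
    [_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(SAMPLE_CLAIMS), "constructed-signature"]
)
```

An empty result for the path you intend to configure means the IdP is not emitting that claim, and the client mappers or scopes on the IdP side need adjusting before roles can be assigned.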