Configure Generic - OIDC

Requirements

Permissions in your IAM solution to set up and configure SSO connections to third-party applications.


Supported Features

The Generic Mapiq SSO integration for OIDC currently supports the following features:

  • SP-Initiated SSO

  • JIT (Just-In-Time) Provisioning


Configuration Steps

  1. Set up the SSO connection for OIDC in your IAM solution with the information provided in the OIDC configuration section below.

  2. Ensure that the required claims for Mapiq are correctly configured as described in the Claims section.

  3. Configure any desired optional claims as described in the Claims section.

  4. Locate the .well-known/openid-configuration URL of the SSO application, the client ID and the client secret.

  5. Contact Mapiq support or your Mapiq contact person and request that they enable SSO with OIDC. Provide the previously collected configuration URL, your client ID, your client secret, your IAM solution and the email domains used by your users.

  6. Completed! Your users can now sign in to Mapiq using SSO. Additionally, you can start assigning users to the application.

OIDC configuration

  • Mapiq requires the following standard OIDC scopes: openid, profile, and email.

The following table provides the configuration details for setting up OIDC for our production and testing environment.

Claims

Mapiq expects the following claims to be present in the token:

| Claim | Description |
|---|---|
| given_name | The user’s first name. |
| family_name | The user’s last or family name. |
| name | The user’s full name. |
| address | The user’s email address. |

Additionally, optional claims can be provided to Mapiq for additional functionality. You are free to map them to user properties as applicable in your organization. These claims should be returned under the openid, profile, and email scopes. The available optional claims are:

| Claim | Description |
|---|---|
| job_title | The user’s job title (e.g. ‘senior manager’ or ‘trainee’). |
| department | The department the user is a part of (e.g. ‘finance’ or ‘IT support’). |
| business_unit | The business unit the user is part of (e.g. ‘company logistics’). |
| office | The office where the user is based (e.g. ‘Amsterdam’ or ‘London’). |
| country | The country in which the user is based (e.g. ‘NL’ or ‘The Netherlands’). |
| external_id | An identifier, unique to the user, that can be leveraged in other platforms (e.g. an employee number). |
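A pre-flight check for configuration steps 2 to 4, as an added example (not Mapiq's code): it reads your IdP's discovery document and a test ID token and reports which of the scopes and claims listed above are missing. The sample discovery document, issuer URL and token are constructed, and the payload is decoded without signature verification, which is only appropriate for inspecting a test token from your own IdP.

```python
import base64
import json

REQUIRED_SCOPES = {"openid", "profile", "email"}
REQUIRED_CLAIMS = ["given_name", "family_name", "name", "address"]
OPTIONAL_CLAIMS = ["job_title", "department", "business_unit",
                   "office", "country", "external_id"]


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_payload(id_token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def preflight(discovery: dict, id_token: str) -> dict:
    """Compare discovery metadata and token claims against the lists above."""
    claims = decode_payload(id_token)
    present = lambda c: claims.get(c) not in (None, "")
    # scopes_supported is optional metadata; if your IdP omits it, all three show as missing.
    return {
        "missing_scopes": sorted(REQUIRED_SCOPES - set(discovery.get("scopes_supported", []))),
        "missing_required": [c for c in REQUIRED_CLAIMS if not present(c)],
        "optional_present": [c for c in OPTIONAL_CLAIMS if present(c)],
    }


# Constructed sample data: the token deliberately lacks the "address" claim.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "scopes_supported": ["openid", "profile", "email"],
}
SAMPLE_CLAIMS = {"sub": "u-1", "given_name": "Ada", "family_name": "Lovelace",
                 "name": "Ada Lovelace", "department": "finance", "country": "NL"}
SAMPLE_TOKEN = ".".join([b64url(b'{"alg":"RS256","typ":"JWT"}'),
                         b64url(json.dumps(SAMPLE_CLAIMS).encode()), "c2ln"])

if __name__ == "__main__":
    print(json.dumps(preflight(SAMPLE_DISCOVERY, SAMPLE_TOKEN), indent=2))
```

An empty `missing_scopes` and `missing_required` means the connection returns what the Claims section asks for; anything listed there should be fixed in your IAM solution before you send the configuration to Mapiq.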

For help on configuring these scopes and claims, please refer to the documentation of your IAM solution and, if required, reach out to their support:


SP-Initiated SSO

  1. Click Sign in

  2. Provide your company email address

  3. Sign in with your company credentials


Troubleshoot

Please refer to the common SSO errors page.


Notes

Mapiq doesn’t provide a backup sign-in URL in case of a misconfiguration of the SSO integration. Please contact Mapiq Support if you lock yourself out.
