Sign in

OpenID Connect

Learn how to configure a new OpenID Connect (OIDC) Connection


Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create an OpenID Connect (OIDC) Connection, you'll need four pieces of information: a Redirect URI, a Client ID, a Client Secret, and a Discovery Endpoint.

WorkOS ProvidesLink

WorkOS provides the Redirect URI. It's readily available in your Connection's Settings in the Developer Dashboard.

The Redirect URI is the location an Identity Provider redirects its authentication response to.


And then, you provide the Client ID, Client Secret, as well as the Discovery Endpoint.

Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's OpenID Connect configuration in their Identity Provider admin dashboard. But, should that not be the case during your setup, here's how to obtain them.

Create an Application with your IdPLink

For SSO to properly function with your Identity Provider, you'll need to create and configure your OpenID Connect application to support the authorization code grant type and have the redirect URI from WorkOS listed as your login redirect uri.

Provide your Client CredentialsLink

After creating an OpenID Connection application, a Client ID and Client Secret will be provisioned for you by your Identity Provider. Enter these in your Connection's Settings in the Developer Dashboard.

Add Discovery EndpointLink

Your Identity Provider's Discovery Endpoint contains important configuration information. Enter this in your Connection's Settings in the Developer Dashboard.Your Connection will then be verified and good to go!