OpenID Connect Single Sign-On¶
Mattermost provides support for GitLab, Google Apps, and Office 365, as well as other OpenID Connect applications as a Single Sign-on (SSO) service for team creation, account creation, and user sign-in.
Follow these steps to configure a service provider using OpenID Connect.
Step 1: Create an OpenID Connect Application¶
- Follow service provider documentation for creating an OpenID Connect application. Most OpenID Connect service providers require authorization of all redirect URIs.
- In the appropriate field, enter
{your-mattermost-url}/signup/openid/complete
For example:http://domain.com/signup/openid/complete
- Copy and paste values for the Discovery Endpoint, Client ID, and Client Secret values to a temporary location. You will enter these values when you configure Mattermost.
Step 2: Configure Mattermost for an OpenID Connect SSO¶
- Log in to Mattermost, then go to System Console > Authentication > OpenID Connect.
- Select OpenID Connect (Other) as the service provider.
- Enter the Discovery Endpoint.
- Enter the Client ID.
- Enter the Client Secret.
- Specify a Button Name and Button Color for the OpenID Connect option on the Mattermost login page.
- Select Save.
- Restart your Mattermost server to see the changes take effect.