1๏ธโฃ What is SSO OAuth2 / OpenID Connect? Why use it?
SSO OAuth2 / OpenID Connect (OIDC) allows your users (students, professors, administrators) to access Edusign through your own identity provider, using existing credentials from your system.
๐ OpenID Connect is a layer on top of the OAuth2 protocol, adding a layer of secure authentication (identity verification) while keeping OAuth2's base of authorization (resource access).
At Edusign, we support both approaches:
Simple OAuth2 connections (authorization only)
Complete and secure OpenID Connect connections (authentication + authorization)
โ Benefits for your organization:
Fast and frictionless login for users
Centralized, secure, and standards-compliant authentication
Compatible with a wide variety of Identity Providers (Auth0, Keycloak, Azure AD, etc.)
Reduction in password forgetting and technical support
โน๏ธ Important: Setting up CAS SSO requires intervention from our technical team.
2๏ธโฃ Prerequisites & Information to Provide
To integrate your OAuth2 / OpenID Connect system with Edusign, you will need to provide the following elements:
1. Client ID
Unique identifier generated by your Identity Provider.
Example: 2_3dm23ng4zruo4ogwico48s8gcowws11gog4kcs8so1cg8wqqq
2. Client Secret
Secret key associated with your OAuth2 application.
Example: d754s400el34wwcsgkoks8ds4oa4wgs0cgo0oxs0ckj5w18jqq
3. Authorization / Authentication URL (Authorization Endpoint)
Address to which Edusign will redirect users to log in.
4. Authorization Scopes
Permissions to request when logging in. The minimal required scope is generally profile.
Example: openid profile email
5. Response Type
Defines the type of response expected after authentication.
Example: code (for the Authorization Code Flow, recommended)
6. Domain Name(s) Used for SSO
Indicate to us the domain name(s) that your users will use to initiate the SSO connection.
Example: student.mydomain.fr, admin.domain.com, etc
7. (Optional but recommended): Test Account(s)
Provide us with a test user account on your IdP so that we can validate the integration's correct functioning.
Example: a generic account with SSO rights enabled. without authorization other than to connect.
โNote: If the SSO is intended for different audiences (admin, professor, student), we will need a test account for each user type.
Once all these elements are received, our team configures and activates SSO on your account within the shortest possible time (2 to 5 business days) โ
3๏ธโฃ Technical Configuration Steps
Retrieval and verification of information by the Edusign team
Secure integration into our system via OAuth2 / OpenID Connect
Association of your domain in the Edusign database
Tests to validate the connection
Activation of SSO for all your users ๐
4๏ธโฃ How do your users connect with SSO OAuth2 OIDC?
Steps for user login:
On School, Professor, or Student platforms, enter your institutional email.
The application detects your SSO and you can click "Login via <your institution>"
You are redirected to your CAS login interface.
Once authenticated, you access Edusign without additional password entry โ
Your colleagues will have the option to go to your single authentication portal or use their Edusign password. ๐
Alternatively, you can also:
On School, Professor, or Student platforms, click on:
โ"Use Single Sign-On (SSO)"Enter your domain (for example
my-institution.fr).You are automatically redirected to your CAS login interface.
Once authenticated, you access Edusign
Other available SSOs:
For an overview ๐ Everything about SSO
To further explore, visit our help center.
๐ฌ If you can't find what you're looking for, contact us via chat. ๐ฌ