1️⃣ What is SSO OAuth2 / OpenID Connect? Why use it?
SSO OAuth2 / OpenID Connect (OIDC) allows your users (students, instructors, administrators) to access Edusign through your own identity provider, using existing credentials from your system.
👉 OpenID Connect is a layer on top of the OAuth2 protocol, adding a layer of secure authentication (identity verification) while keeping OAuth2's base of authorization (resource access).
At Edusign, we support both approaches:
Simple OAuth2 connections (authorization only)
Complete and secure OpenID Connect connections (authentication + authorization)
✅ Benefits for your organization:
Fast and frictionless login for users
Centralized, secure, and standards-compliant authentication
Compatible with a wide variety of Identity Providers (Auth0, Keycloak, Azure AD, etc.)
Reduction in password forgetting and technical support
ℹ️ Important: Setting up CAS SSO requires intervention from our technical team.
2️⃣ Prerequisites & Information to Provide
To integrate your OAuth2 / OpenID Connect system with Edusign, you will need to provide the following elements:
1. Client ID
Unique identifier generated by your Identity Provider.
Example: 2_3dm23ng4zruo4ogwico48s8gcowws11gog4kcs8so1cg8wqqq
2. Client Secret
Secret key associated with your OAuth2 application.
Example: d754s400el34wwcsgkoks8ds4oa4wgs0cgo0oxs0ckj5w18jqq
3. Authorization / Authentication URL (Authorization Endpoint)
Address to which Edusign will redirect users to log in.
Example: https://preprod.customer.com/oauth/v2/auth
4. Authorization Scopes
Permissions to request when logging in. The minimal required scope is generally profile.
Example: openid profile email
5. Response Type
Defines the type of response expected after authentication.
Example: code (for the Authorization Code Flow, recommended)
6. Domain Name(s) Used for SSO
Indicate to us the domain name(s) that your users will use to initiate the SSO connection.
Example: student.mydomain.fr, admin.domain.com, etc
7. (Optional but recommended): Test Account(s)
Provide us with a test user account on your IdP so that we can validate the integration's correct functioning.
Example: a generic account with SSO rights enabled. without authorization other than to connect.
Note: If the SSO is intended for different audiences (admin, professor, student), we will need a test account for each user type.
Once all these elements are received, our team configures and activates SSO on your account within the shortest possible time (2 to 5 business days) ✅
3️⃣ Technical Configuration Steps
Retrieval and verification of information by the Edusign team
Secure integration into our system via OAuth2 / OpenID Connect
Association of your domain in the Edusign database
Tests to validate the connection
Activation of SSO for all your users 🎉
4️⃣ How do your users connect with SSO OAuth2 OIDC?
Steps for user login:
On School, Professor, or Student platforms, enter your institutional email.
The application detects your SSO and you can click "Login via <your institution>"
You are redirected to your CAS login interface.
Once authenticated, you access Edusign without additional password entry ✅
Your colleagues will have the option to go to your single authentication portal or use their Edusign password. 😉
Alternatively, you can also:
On School, Professor, or Student platforms, click on:
"Use Single Sign-On (SSO)"Enter your domain (for example
my-institution.fr).You are automatically redirected to your CAS login interface.
Once authenticated, you access Edusign
Other available SSOs:
For an overview 👉 Everything about SSO
To further explore, visit our help center.
💬 If you can't find what you're looking for, contact us via chat. 💬