Users of the system typically sign in with an internal account or a social login. Single Sign-on (SSO) may be configured through a third-party OpenID Connect (OIDC) authentication provider.

Single sign-on requires a license and affects the system operating costs. Contact your VAR for more information.

OIDC Configuration

Elements needs to be registered with the authentication provider to obtain the OIDC discovery endpoint, client ID, and client secret.

The terminology used by providers may vary. The OIDC discovery endpoint may also be referred to as an OIDC metadata document. The endpoint typically ends with "/.well-known/openid-configuration".
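Before entering the discovery endpoint, it is worth confirming that the metadata document it serves is well formed. The following is an added example, not part of the product or its documentation: it checks a metadata document against the required fields of OpenID Connect Discovery 1.0. The provider URL and the sample document are constructed placeholders for a hypothetical provider, and the document is supplied as a string so the check runs offline.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata fields marked REQUIRED by OpenID Connect Discovery 1.0.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(discovery_url, document):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    if urlsplit(discovery_url).scheme != "https":
        problems.append("discovery endpoint is not https")
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery endpoint does not end with " + WELL_KNOWN)
    meta = json.loads(document)
    for field in REQUIRED:
        if field not in meta:
            problems.append("missing required field: " + field)
    issuer = meta.get("issuer", "")
    # The issuer plus the well-known suffix must equal the URL the document
    # was fetched from; a mismatch means it describes a different provider.
    if issuer.rstrip("/") + WELL_KNOWN != discovery_url:
        problems.append("issuer does not match discovery endpoint")
    for field in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = meta.get(field)
        if value is not None and urlsplit(value).scheme != "https":
            problems.append(field + " is not https")
    # "none" means unsigned ID tokens; flag it for review with the provider.
    if "none" in meta.get("id_token_signing_alg_values_supported", []):
        problems.append("provider advertises unsigned ID tokens (alg none)")
    return problems

# Constructed sample metadata for a hypothetical provider, not a real tenant.
SAMPLE_URL = "https://idp.example.com/tenant1/.well-known/openid-configuration"
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/token",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC) or "discovery document looks consistent")
```

To check a real provider, save the document served at its discovery endpoint and pass its contents as the second argument.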

The provider application should be configured as follows:

Be sure to refer to the authentication provider documentation for more details.

Configure Single Sign-on

Use the OIDC discovery endpoint, client ID, and client secret to configure SSO.

  1. Under Single Sign-on (SSO), select Manage.
  2. Under Sign In, select Configure Authentication Provider.
  3. On the Configuration screen, enter a Name for the authentication provider.
  4. Enter the OIDC Discovery Endpoint.
  5. Enter the Client ID.
  6. Enter the Client Secret.

    The client secret is not recorded in system logs or audit reports.

  7. Select Save. After saving the configuration, a direct login URL is generated.
    This URL must be used for direct login access. Administrators should distribute this URL for users to bookmark in their browsers, or make this URL available through their organization's resources.
  8. The Sign In option is used to configure the method for signing in to the system.
    • Any Sign-in Method - Users may sign in using any method - internal account, social login, or third-party authentication SSO.
    • Third-party Sign-in Only - Users must use third-party authentication SSO when signing in to the system. If this option is selected, once SSO is configured, all new users will be required to use this method. Existing user accounts will not be changed. To enforce SSO, remove login access and re-invite existing users.

The sign-in method is displayed on the People page, in the Login column.



© Carrier. All Rights Reserved.