On Journey by Forj you can configure OpenID Connect for single sign-on (SSO). OpenID Connect is a standard authentication protocol that lets users sign in to an identity provider (IdP) such as Google. After they've successfully signed in to their IdP, they are automatically signed in to the platform.

Note: These domains must be linked to your community's current domain.  If your domain updates or if you are using a custom domain- the new domain must be reflected here.

Register an OpenID Connect App

Before you can configure SSO to your Journey by Forj account, you must register it with your service provider. The process varies depending on the service provider.

1. Register your app on your service provider’s website.
2. Modify the app settings and set the app domain (or Home Page URL) to Mobilize, for example http://my_community.mobilize.io/users/auth/openidconnect/callback
3. From the provider’s documentation, get the client ID, client secret and the directory document URL

Set up SSO in Journey by Forj

In the community settings page you can find the authentication tab, this is where you set up the SSO to the account. To view your community settings, click the Community menu (people icon in the upper right corner) > Select Community settings > Select Authentication.

1. Enter the Directory Document URL (omit ".well-known/openid-configuration"), which contains details about the OpenID Connect provider's configuration. 
2. Use the client ID from your provider for the Mobilize App ID field.
3. Use the client secret from your provider for the Mobilize App Secret field.
4. Enter the Button text that will be visible to your members that tries to login to Mobilize

Want to test your SSO?  Enter the full Directory Document into Chrome's address bar, you will get a JSON, check this against Google's.  Once your Directory Document looks like Google's, it should work.  

If you run into any errors, first check your community's SSL certification and make sure it is valid and up to date.

What to expect after SSO is enabled
From now on, all members can authenticate by SSO login and Journey by Forj will use this login to identify the user. The member will not have to re-login to the platform if they are already logged in to your organization SSO.