OIDC SSO Integration Guide
This guide explains how to integrate OpenID Connect (OIDC) Single Sign-On with Protrak.
Prerequisites
Before configuring OIDC SSO, ensure you have:
- Administrative access to your Identity Provider (IdP)
- Administrative access to Protrak
- Your Identity Provider's OIDC configuration details
Step 1: Register Protrak App and Gather Identity Provider Configuration
1.1 Register Protrak Application
First, register your Protrak application with your Identity Provider:
- Access your Identity Provider's admin console
- Create a new application/client registration with redirect URIs:
  - Login Redirect URI: https://app.protrak.io/oidc/callback
  - Logout Redirect URI: https://app.protrak.io/oidc/logout/callback
- Note down the generated details
1.2 Gather Configuration Details
You'll need the following configuration details from the previous step:
| Field | Description | Example |
|---|---|---|
| issuer | The base URL of the IdP | https://your-identity-provider-url |
| clientId | The unique identifier for your app registered with the IdP | abc123-def456-ghi789 |
| clientSecret | Secret key for your registered application (do not pass this if your client is public) | XyZ789-secure-secret-key |
| redirectUri | URI where the IdP will redirect after login | https://app.protrak.io/oidc/callback |
| postLogoutRedirectUri | URI where the IdP will redirect after logout | https://app.protrak.io/oidc/logout/callback |
| responseType | OAuth response type (usually "code" for Authorization Code Flow) | code |
| scope | Requested scopes for user information | openid profile email |
Step 2: Create JSON Configuration
Create a JSON configuration object using the information gathered from your Identity Provider:
Configuration Template
{
  "issuer": "https://your-identity-provider-url",
  "clientId": "your-client-id",
  "clientSecret": "your-client-secret",
  "redirectUri": "https://your-domain.protrak.io/oidc/callback",
  "postLogoutRedirectUri": "https://your-domain.protrak.io/oidc/logout/callback",
  "responseType": "code",
  "scope": "openid email profile"
}
Note: Omit the clientSecret field if your client is public.
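A pre-flight check for the Web Config JSON above, added here as an example and not part of Protrak's tooling. The field names come from the table in Step 1.2; the function name and the rules it enforces (https-only URLs, no leftover template placeholders, `openid` in the scope, secret only for confidential clients) are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Field names come from the guide's table; the rules below are assumptions.
REQUIRED = ("issuer", "clientId", "redirectUri", "postLogoutRedirectUri",
            "responseType", "scope")
URL_FIELDS = ("issuer", "redirectUri", "postLogoutRedirectUri")
PLACEHOLDERS = ("your-identity-provider-url", "your-client-id",
                "your-client-secret", "your-domain.protrak.io")

def check_web_config(text, public_client=False):
    """Return a list of problems found in a Web Config JSON string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key in REQUIRED:
        if not isinstance(cfg.get(key), str) or not cfg[key].strip():
            problems.append(f"{key}: missing or not a string")
    for key, value in cfg.items():
        if isinstance(value, str) and any(p in value for p in PLACEHOLDERS):
            problems.append(f"{key}: template placeholder left in place")
    for key in URL_FIELDS:
        if isinstance(cfg.get(key), str):
            url = urlsplit(cfg[key])
            if url.scheme != "https" or not url.netloc or url.fragment:
                problems.append(f"{key}: must be an absolute https URL, no fragment")
    if isinstance(cfg.get("scope"), str) and "openid" not in cfg["scope"].split():
        problems.append("scope: must include 'openid'")
    if cfg.get("responseType") not in (None, "code"):
        problems.append("responseType: expected 'code' (Authorization Code Flow)")
    if public_client and "clientSecret" in cfg:
        problems.append("clientSecret: omit it for a public client")
    if not public_client and not cfg.get("clientSecret"):
        problems.append("clientSecret: required for a confidential client")
    return problems

# Constructed sample: http callback and no 'openid' scope.
SAMPLE = json.dumps({
    "issuer": "https://idp.example.com", "clientId": "abc123-def456-ghi789",
    "redirectUri": "http://app.protrak.io/oidc/callback",
    "postLogoutRedirectUri": "https://app.protrak.io/oidc/logout/callback",
    "responseType": "code", "scope": "profile email"})
if __name__ == "__main__":
    for problem in check_web_config(SAMPLE, public_client=True):
        print(problem)
```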
Step 3: Configure SSO in Protrak
3.1 Access SSO Settings
- Login to your Protrak application as an administrator
- Navigate to Tenant Settings → SSO Settings
- Click the "+ SSO Setting" button at the top right
3.2 Fill SSO Configuration Form
- Name: Enter a descriptive name (e.g., "IDP-name-OIDC")
- Provider Name: Enter a descriptive name (e.g., "Login with Google/Azure")
- Identity Provider Type: Select "OIDC"
- Web Config: Paste the JSON configuration created in Step 2
- Default Setting: Check this box if you want this to be the default SSO method for all users
3.3 Save Configuration
- Click "Save" to store the configuration
- Logout from Protrak to test the new SSO setup
Step 4: Test SSO Integration
4.1 Test Login Flow
- Navigate to your Protrak login page
- Enter an email address from your configured domain
- You should be redirected to your Identity Provider
- Complete authentication with your IdP credentials
- Verify successful redirect back to Protrak
4.2 End-to-End Testing
- Test with different users to ensure proper access control
- Verify user information is correctly mapped from IdP to Protrak
- Test logout functionality to ensure proper session termination and redirect to logout URI
- Check error handling with invalid credentials
Step 5: External Application Integration
5.1 Redirect Configuration for External Applications
When redirecting from external applications (already using your IdP) to Protrak using pre-authentication, you need to configure the proper redirect URLs and parameters.
5.2 Redirect URI Setup
For external applications redirecting to Protrak, use the following redirect URI format:
https://your-protrak-domain.io/oidcAutoLogin
Important: Replace your-protrak-domain.io with your actual Protrak domain.
5.3 Complete URL Example
After successful authentication, the user will be redirected to a URL like this:
https://your-protrak-domain.io/oidcAutoLogin?code=skjdhfkjshf&state=protrak-type-name/create
5.4 URL Components Breakdown
- Base URL: https://your-protrak-domain.io/oidcAutoLogin
- Authorization Code: code=skjdhfkjshf (received from IdP)
- Redirect Path: state=protrak-type-name/create (where to go after login)
5.5 Implementation Notes
- The code parameter contains the authorization code from your Identity Provider
- The state parameter allows you to specify where users should land in Protrak after successful authentication
- This URL format enables seamless single sign-on without requiring users to authenticate again in Protrak
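Because the state value in this flow decides where the user lands, an integration that builds or receives these URLs can check it before use. The following is an added example, not Protrak's code: it parses the oidcAutoLogin URL from section 5.3 and accepts state only as a plain relative path. The function name, the expected-host argument and the allow-list pattern are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: landing paths are relative and built from these characters,
# like the guide's "protrak-type-name/create".
SAFE_PATH = re.compile(r"[A-Za-z0-9][A-Za-z0-9._~-]*(/[A-Za-z0-9._~-]+)*")


def parse_auto_login(url, expected_host):
    """Return (code, landing_path) or raise ValueError for a malformed URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != expected_host:
        raise ValueError("unexpected scheme or host")
    if parts.path != "/oidcAutoLogin":
        raise ValueError("not the oidcAutoLogin endpoint")
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in ("code", "state"):
        # Duplicated parameters are ambiguous, so require exactly one value.
        if len(query.get(name, [])) != 1 or not query[name][0]:
            raise ValueError(f"{name} must appear exactly once and be non-empty")
    state = query["state"][0]  # already percent-decoded by parse_qs
    # Rejects absolute URLs, scheme-relative "//host", backslashes and "..".
    if not SAFE_PATH.fullmatch(state) or ".." in state.split("/"):
        raise ValueError("state is not a relative in-app path")
    return query["code"][0], state


if __name__ == "__main__":
    # The URL from section 5.3 of the guide.
    sample = ("https://your-protrak-domain.io/oidcAutoLogin"
              "?code=skjdhfkjshf&state=protrak-type-name/create")
    print(parse_auto_login(sample, "your-protrak-domain.io"))
```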
Troubleshooting
Common Issues
Issue: "Invalid Redirect URI" error
- Solution: Ensure the redirectUri in your JSON config exactly matches what's configured in your Identity Provider
Issue: "Invalid Client" error
- Solution: Verify clientId and clientSecret are correct and the application is enabled in your IdP
Issue: "User not found" error
- Solution: Ensure the user exists in Protrak or enable auto-user creation if supported
Issue: Token validation fails
- Solution: Check that issuer and tokenEndpoint URLs are correct and accessible
Issue: Logout redirect fails or user not properly logged out
- Solution: Verify that postLogoutRedirectUri is correctly configured in both your IdP and Protrak configuration
Testing Tips
- Use browser developer tools to inspect network requests during login
- Check Protrak logs for detailed error messages
- Test with a dedicated test user first before rolling out to all users
- Verify time synchronization between Protrak and your Identity Provider
This document was last updated on August 27, 2025.