Skip to main content
This document provides all necessary instructions to integrate your Identity Provider (IdP) — such as ADFS — with Visual Layer’s platform using the OpenID Connect (OIDC) protocol. We will work together to ensure a smooth Single Sign-On (SSO) experience.

OIDC Authentication Flow

1

Login Redirect

The user tries to log in to Visual Layer and is redirected to your IdP (OpenID Provider, OP) with the client ID.
2

User Authentication

The IdP authenticates the user.
3

Authorization Code Return

The user is redirected back to a predefined Redirect URI with an authorization code.
4

Token Exchange

Visual Layer exchanges this code, along with the client ID and secret, for Access and ID tokens.
5

User Info Retrieval

Optionally, additional user details can be retrieved using the Access Token via the UserInfo endpoint.

Information Required from Your Side

1. Well-Known Configuration URL

  • Provide your IdP’s OpenID configuration URL (For example: https://<your-adfs-domain>/adfs/.well-known/openid-configuration).
  • This allows us to automatically fetch metadata like authorization endpoints.

2. Client ID and Client Secret

  • Generate these credentials on your IdP (ADFS or any OIDC-compliant provider).
  • We will use these securely to authenticate against your IdP.

3. Allowed Scopes

  • Confirm which scopes are supported.
  • Typical scopes include: openid, profile, email.

4. Example Tokens

  • No need to send real user tokens.
  • Provide an example ID token and, if possible, a UserInfo response showing the available user claims.

Information We Will Provide

1. Redirect URI

  • Please configure this URI in your IdP:
  • This is where users will be redirected after authentication.

Required Changes in Your OpenShift Settings

Update or Add the Following Settings:

Frontend (FE) Settings:

Tip: To generate a random storage key:

Permissions Management


Additional Notes

  • If needed, we can assist you with ADFS configuration, token structure validation, or claim mapping.
  • We support both cloud and on-premises deployments.
  • On-prem users: if you’re interested in an evaluation, we can provide a trial version to test before committing.

User Management API

Create, update, delete, and manage user accounts programmatically through the REST API.

Workspaces & Organizations

Manage workspace membership and roles through the API.

Admin Settings API

View and update runtime configuration settings through the API.

Configuration

Environment-level configuration options for self-hosted deployments.