OpenID Connect (OIDC) is an identity protocol built on top of OAuth 2.0 that provides secure authentication and authorization. It allows users to securely log in to various services while service providers can simultaneously access verified identity information. The following article describes how to set up OpenID Connect (OIDC) in Relution using Microsoft Azure.

Settings in Relution

OIDC can be configured in the Relution portal under Settings > OpenID Connect. The following screenshots include a working configuration using Microsoft Azure.


Configuration details

Name of the provider: Will be displayed on the login button in the rleution portal
Create unknown users in Relution: Unknown users are created by login in Relution.

Client Details

Client ID" Corresponds to the application ID in Azure.
Client Secret: Corresponds to the client secret key to the application ID in Azure.

Server URIs

Use Discovery Endpoint: If supported by the provider, an automatic configuration of the required URIs is performed.
Manual configuration of endpoints: Necessary as soon as automatic discovery does not work.


Authorization URI:


Token URI:

User Info URI:

Advanced configuration

The username attribute from the OIDC provider contains the unique username of the authenticated user.

The username attribute in Relution contains the unique username of the authenticated user.

Authorization Grant Type` The Authorization Grant Type is an OAuth mechanism that specifies how an application obtains access permissions from a user.

Scope Scopes define what identity information or resources the application can request from the OIDC provider

Settings in Azure

Creating a new app registry

  1. Logging in in Azure Portal, continuing on Azure Active Directory. AutoPilot01
  2. Creating new App registry > Create new registry for OIDC. AutoPilot01
  3. Naming application, selecting account type Only accounts in this organization directory and regesting it. AutoPilot01

Adding secret client key (Client Secret) under Certificates & Secrets

  1. The required client secret is created under Add a certificate or secret. AutoPilot01
  2. Via New secret client key the Description and validity period Valid until can be set. AutoPilot01
  3. The client key can be copied directly. AutoPilot01

Configure API permissions.

  1. Under API Permissions > Configured Permissions, Add Permission should be clicked.
  2. The Microsoft Graph should be selected under Microsoft APIs in the Request API Permissions dialogue box.


  1. In the next step, the tile `Application permissions can be selected.
  2. User.Read.All for can be selected for User



Add redirection URI