SSO connection setup

Adhese can connect with a client's IDP (IDentity Provider) so the client's employees can log into Adhese using their own SSO (Single-Sign On) system.

To successfully connect your company's SSO with Adhese's login system, some information needs to be provided:

Endpoints from your IDP system
- authorization_url
- token_url
- logout_url
- user_info_url
- issuer
- jwks_url

example

authorization_url	"https://.../am/oauth2/authorize"
token_url	"https://.../am/oauth2/access_token"
logout_url	"https://.../am/oauth2/connect/endSession"
user_info_url	"https://.../am/oauth2/userinfo"
issuer	"https://.../am/oauth2"
jwks_url	"https://.../am/oauth2/connect/jwk_uri"

client_id
client_secret

The client_id and client_secret must correspond to the values registered in the customer's IDP.

The issuer and jwks_url must be reachable from Adhese services.

Furthermore, roles need to be mapped between Adhese and your IDP. Below is an example where the first part (before =) is the role as it could be in the IDP and the second part (after =) how it can relate to the roles within Adhese.

Example

"adhese.ad-master"	= ["adhese.Self Service Ad Master", "adhese.Creative Master"]
"adhese.read-only"	= ["adhese.Viewer"]
"adhese.admin"	= ["adhese.Admin", "admin"]
"adhese.creative-reviewer"	= ["adhese.Creative Approver"]

If you as a client have multiple instances of Adhese (i.e. a testing and a production instance), you can have separate connections for each instance or use the same mapping for both instances.

Revision #2
Created 23 March 2026 12:22:28 by Casper Steuperaert
Updated 30 March 2026 11:53:09 by Casper Steuperaert