SSO connection setup
Adhese can connect with a client's IDP (Identity Provider) so that the client's employees can log in to Adhese using their own SSO (Single Sign-On) system.
To successfully connect your company's SSO with Adhese's login system, some information needs to be provided:
- Endpoints from your IDP system
- authorization_url
- token_url
- logout_url
- user_info_url
- issuer
- jwks_url
- client_id
- client_secret
The client_id and client_secret must correspond to the values registered in the customer's IDP.
The issuer and jwks_url must be reachable from Adhese services.
Furthermore, roles need to be mapped between Adhese and your IDP. In the example below, the first part (before the =) is a role as it could exist in the IDP, and the second part (after the =) lists the Adhese roles it can map to.
Example
| Role in the IDP | Roles in Adhese |
| --- | --- |
| "adhese.ad-master" | = ["adhese.Self Service Ad Master", "adhese.Creative Master"] |
| "adhese.read-only" | = ["adhese.Viewer"] |
| "adhese.admin" | = ["adhese.Admin", "admin"] |
| "adhese.creative-reviewer" | = ["adhese.Creative Approver"] |
If you as a client have multiple instances of Adhese (for example, a testing and a production instance), you can have separate connections for each instance or use the same mapping for both instances.
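The role mapping above, applied to one user's IDP roles, as an added example (not Adhese's own code): it parses rows in the `"role" = [...]` form and grants nothing for an IDP role that has no row. The function names, the exact case-sensitive matching and the deny-by-default behaviour are assumptions of this sketch.

```python
import json
import re

# Rows in the form used on this page: "IDP role" = ["Adhese role", ...]
MAPPING_TEXT = """
"adhese.ad-master" = ["adhese.Self Service Ad Master", "adhese.Creative Master"]
"adhese.read-only" = ["adhese.Viewer"]
"adhese.admin" = ["adhese.Admin", "admin"]
"adhese.creative-reviewer" = ["adhese.Creative Approver"]
"""

ROW = re.compile(r'^\s*("(?:[^"\\]|\\.)*")\s*=\s*(\[.*\])\s*$')


def parse_mapping(text):
    """Parse mapping rows into {idp_role: [adhese_role, ...]}, rejecting bad rows."""
    mapping = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        match = ROW.match(line)
        if match is None:
            raise ValueError(f'line {lineno}: expected "role" = ["role", ...]')
        idp_role = json.loads(match.group(1))
        targets = json.loads(match.group(2))
        if not targets or not all(isinstance(t, str) and t for t in targets):
            raise ValueError(f"line {lineno}: needs at least one non-empty Adhese role")
        if idp_role in mapping:
            raise ValueError(f"line {lineno}: duplicate IDP role {idp_role!r}")
        mapping[idp_role] = targets
    return mapping


def resolve_roles(idp_roles, mapping):
    """Return (granted Adhese roles, unmapped IDP roles) for one user.

    Assumption of this sketch: matching is exact and case-sensitive, and an
    IDP role without a row grants nothing (deny by default).
    """
    granted, unmapped = [], []
    for role in idp_roles:
        targets = mapping.get(role)
        if targets is None:
            unmapped.append(role)  # worth logging: typo or missing mapping row
            continue
        for target in targets:
            if target not in granted:
                granted.append(target)
    return granted, unmapped
```

Reviewing the unmapped list before go-live catches IDP role names that differ from the mapping only in case or spelling.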