/ /
Integrating Single Sign-On (SSO) with An OIDC Provider
This article explains how to integrate Single Sign-On (SSO) with The Global Work Platform using any Identity Provider (IdP) that supports the OpenID Connect (OIDC) protocol. This integration allows your users to securely log in using your organization’s existing identity provider for a seamless and centralized experience.
High-Level Steps for OIDC SSO Integration
To integrate SSO via your OIDC provider, follow these key steps:
First, an admin must create and configure an OIDC application within your identity provider. Next, retrieve the Client ID and Client Secret. Then, securely send these credentials to Pebl for integration. Finally, ensure appropriate access is granted to users or groups and the app is visible in the provider’s dashboard (if supported).
Step 1. Admin Creates and Configures OIDC Application
To begin the integration process, an administrator will need to create an OIDC-compatible application in your Identity Provider’s admin console. The process may vary slightly depending on the provider you’re using.
General Configuration
When setting up the OIDC application, be sure to include the following:
Application Type: Select
OIDCorOIDC - Web Application(terminology may vary by provider)Application Name: Suggested name: Pebl Work Platform
Upload App Icon: Optional, enhances user experience in dashboards
User Assignment: Assign specific users or groups to the app
Redirect URIs
Use the following URIs exactly as shown:
URI Type | Value | Notes |
|---|---|---|
Sign-in Redirect |
| Required for login flow (no wildcards) |
Sign-out Redirect |
| Used post-logout |
Important: Providers such as Google Cloud Identity and Microsoft Entra ID do not allow wildcard URIs. Always use the exact URIs listed above.
Provider-Specific Notes
Identity Provider | Key Differences |
|---|---|
Google Cloud Identity | Set exact redirect URIs, manually enable required OIDC scopes |
Microsoft Entra ID | Register under “App registrations,” assign via “Enterprise Applications” |
One Identity | Ensure OIDC module is enabled; steps may vary based on deployment |
Okta | See Integrating SSO with Okta |
PingFederate | See Integrating SSO with PingFederate |
Refer to your provider’s documentation for exact setup steps.
Step 2. Retrieve SSO Credentials
Once the application has been created, you’ll need to collect the following values from your identity provider’s admin console:
Client ID
Client Secret
These are usually found in the application’s OAuth 2.0 or Client Credentials section.
Security Reminder: Keep your Client Secret secure. Do not include it in email, forms, or public documents.
Step 3. Send Credentials to Pebl
After retrieving the credentials:
Open a support request using our Customer Request Form
Select the topic: Account and System Support for The Global Work Platform
Our support team will then coordinate a secure method to collect your Client ID and Client Secret.
Do not include the Client Secret in the request form submission itself.
Step 4. Assign Users and Enable Dashboard Access
Once integration is complete, be sure to:
Assign Users or Groups: Grant access to the correct users within your IdP
Enable Dashboard Visibility (if supported):
For platforms like Okta and Microsoft Entra ID, ensure the app icon is visible to users on their dashboard
Look for a setting such as “Display application icon to users”
Completion
After we’ve completed the configuration on our end, you will receive a confirmation that the integration is live. Users will then be able to access the Global Work Platform through your organization’s SSO provider.
Need Help?
If you need assistance during setup:
Contact your Identity Provider administrator
Or, share their contact information with us so we can work with them directly
You may also consult your provider’s documentation for setting up OIDC applications
For additional help, see:
Was this article helpful?