OpenID Connect (OIDC)

OpenID Connect (OIDC) is an authentication layer on top of OAuth, an authorization framework. OAuth allows an end user’s account information to be used by third-party services without exposing the user’s password. But while OAuth addresses authorization, it does not cover authentication, which concerns the processes and issues around logging in. OAuth’s lack of guidance on authentication led to complex, confusing integration scenarios in the past and created the need for the OIDC layer.

OIDC adds an authentication layer to OAuth

OIDC adds support for authentication, providing the ability to verify the identity of end users. It also provides the ability to obtain basic profile information about those end users. OIDC allows a range of clients, including web-based, mobile and JavaScript clients, to request and receive information about authenticated sessions and end users. It can be extended with optional features such as encryption of identity data, discovery of OpenID Providers and session management.

OIDC integration for identity providers and privileged access management software

OIDC is a very useful protocol for IAM (identity and access management) software vendors that want to integrate and connect their services, as it enables different types of applications to support authentication and identity management in a secure, centralized, and standardized way.

Services that are compatible with the OpenID Connect protocol rely on identity providers to handle authentication processes and securely verify user identities. SSH.COM supports OIDC with PrivX, which enables our privileged access management software to connect with a variety of identity providers.