OIDC SSO
Cryptlex also supports Single Sign-On (SSO) through OpenID Connect (OIDC). This allows your end users to authenticate using trusted identity providers such as Google, Microsoft, Okta, and others.
Configuring Single Sign-On with OIDC
To enable OIDC-based Single Sign-On (SSO) in your Cryptlex account, go to Settings → Account in the admin portal and select Configure OIDC SSO.
In the configuration dialog, provide the following details from your identity provider (IdP):
Client ID: The unique identifier assigned to your application by the IdP.
Additional Client IDs: A comma-separated list of secondary client IDs, if applicable.
IdP Issuer URL: The issuer URL of your OIDC provider.
Default Role: The role assigned to newly provisioned users when no role claim is provided by the IdP.
Name Claim: The claim that contains the user’s name.
Email Claim: The claim that contains the user’s email address.
Role Claim: The claim that contains the user’s role.
Auto-Provision Users on First Login: When enabled, the IdP must supply Email, FirstName, LastName, and Role claims. These attributes are required for just-in-time (JIT) user provisioning in Cryptlex.
After completing all required fields, save the configuration to enable OIDC SSO.
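The following pre-flight check is an added example, not Cryptlex code: it decodes a sample ID token and reports which of the settings above it would not satisfy. The config key names, the sample values, and the checks themselves (standard OIDC `iss`, `aud` and `exp` validation plus the claim mapping) are assumptions for illustration. It does not verify the token signature, so use it only as a diagnostic.

```python
import base64, json, time

# Constructed settings mirroring the dialog fields above; all values are placeholders.
CONFIG = {
    "client_id": "app-client-id",
    "additional_client_ids": "mobile-client-id, cli-client-id",
    "issuer_url": "https://idp.example.com",
    "default_role": "user",
    "name_claim": "name",
    "email_claim": "email",
    "role_claim": "role",
    "auto_provision": True,
}

def decode_payload(id_token):
    """Decode the JWT payload segment WITHOUT verifying the signature (diagnostic only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def preflight(id_token, cfg, now=None):
    """Return (problems, resolved_role) for a token checked against the SSO settings."""
    claims = decode_payload(id_token)
    now = time.time() if now is None else now
    problems = []
    extra = cfg["additional_client_ids"].split(",")
    allowed = {cfg["client_id"]} | {c.strip() for c in extra if c.strip()}
    aud = claims.get("aud")
    aud = {aud} if isinstance(aud, str) else set(aud or [])
    if claims.get("iss") != cfg["issuer_url"]:  # exact match: a trailing slash counts
        problems.append("iss does not match IdP Issuer URL")
    if not aud & allowed:
        problems.append("aud contains no configured client ID")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    for field in ("name_claim", "email_claim"):
        if not claims.get(cfg[field]):
            problems.append(f"missing claim: {cfg[field]}")
    role = claims.get(cfg["role_claim"])
    if not role and cfg["auto_provision"]:
        problems.append(f"missing claim: {cfg['role_claim']} (needed for auto-provisioning)")
    return problems, role or cfg["default_role"]

def make_token(claims):
    """Build a constructed sample token with a placeholder signature (never valid at an IdP)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"
```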
Using OIDC with LexActivator
LexActivator includes built-in support for OIDC authentication, enabling your application to validate users through your configured identity provider before proceeding with license operations.
Authenticating the user
The authentication workflow is the same as the one described in the Named User Licenses documentation, including user license retrieval and activation. The only difference is that the AuthenticateUserWithIdToken() function is used in place of the AuthenticateUser() function.