Generic OIDC Provider

Step-by-step guide to configuring your identity provider as an OIDC Identity Provider within Visma

Follow the steps below to configure your identity provider (IdP) as an OIDC Identity Provider within Visma. Keep Authentication Settings open in your browser while you access your IdP control panel in a new window or tab. You will need to return to the Single Sign-On page to complete the configuration steps.

Prerequisites

  1. Access to your Identity Provider administration panel

  2. All of your users under your account in Visma will need a pre-existing account in your IdP with exactly the same email address

A. Configure Visma Single Sign-On app

1. Sign in to Authentication Settings and go to the Single Sign-On page

OpenID Connect overview

2. Enter your mydomain (e.g. example)

3. Click Add OIDC Identity Provider and choose Your identity provider

Configure OpenID Connect integration

B. Configure the OIDC application in your Identity Provider

Open a new tab/window in your browser and follow these steps:

  1. Log in to your identity provider's administrative portal.

  2. Go to the page where you set up OpenID Connect integration for applications

  3. Add a new integration/application

  4. When asked for Sign-in and Sign-out redirect URIs, paste the URLs from Authentication Settings section 1

  5. Configure claims/scopes. Visma expects the following scopes:

    1. openid - required

    2. email - required, contains the user's email address

    3. profile - required, contains the user's first name and last name

  6. Save settings

C. Go back to Authentication Settings to continue the Single Sign-On setup

  1. In section 2, Configure OpenID Connect Client, enter the following values copied from your new app registration

  2. For Authority the value should be a URL

  3. For Client ID, paste the value copied from Client ID

  4. For Client Secret, paste the value copied from Client Secret

  5. Now go to section 3, Advanced Configuration, where you can decide whether to “Just in time provision” users when they sign in to Visma with your IdP

  6. Click Save

D. Test the Single Sign-On with your Identity Provider

To make sure SSO is working, go directly to your Visma MyDomain, e.g. https://example.my.connect.visma.com, and then click the “Sign in with <mydomain>” button.

Once you have verified that SSO is working, you can go to Policies and disable Visma credentials, so that your users are redirected straight away to your identity provider.
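
A pre-flight check for the Authority value in step C.2 and the scopes in step B.5, as an added example that is not part of Visma's guide. It assumes the Authority is your IdP's OIDC issuer URL and that the IdP publishes a discovery document under /.well-known/openid-configuration; the host idp.example.com, the sample metadata and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

REQUIRED_SCOPES = {"openid", "email", "profile"}  # scopes listed in step B.5

def fetch_metadata(authority, timeout=10):
    """Fetch the IdP's discovery document (needs network; unused by the sample)."""
    url = authority.rstrip("/") + "/.well-known/openid-configuration"
    with urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

def check_authority(authority, metadata):
    """Return a list of problems; an empty list means the check passed."""
    problems = []
    parts = urlsplit(authority)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("Authority must be an absolute https:// URL")
    if parts.query or parts.fragment:
        problems.append("Authority must not carry a query string or fragment")
    # OIDC Discovery: the document's issuer must equal the URL it was fetched for,
    # character for character (a trailing slash counts).
    if metadata.get("issuer") != authority:
        problems.append(f"issuer mismatch: {metadata.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(metadata.get(key, ""))).scheme != "https":
            problems.append(f"{key} is missing or not https")
    advertised = metadata.get("scopes_supported")
    if advertised is not None:  # optional field; absent means "cannot tell"
        missing = REQUIRED_SCOPES - set(advertised)
        if missing:
            problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return problems

# Constructed sample metadata for a placeholder IdP (not a real tenant).
SAMPLE_AUTHORITY = "https://idp.example.com/tenant1"
SAMPLE_METADATA = {
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/token",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "scopes_supported": ["openid", "email"],
}

if __name__ == "__main__":
    for problem in check_authority(SAMPLE_AUTHORITY, SAMPLE_METADATA):
        print("FAIL:", problem)
```

To check a live IdP, pass the result of fetch_metadata(authority) as the second argument; an empty result means the Authority URL, endpoints and advertised scopes are consistent with what this guide asks for.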