BridgeLink plugin

OIDC

Standards-based single sign-on with any OpenID Connect identity provider.

Why it matters

One identity provider for everyone.

Managing separate user accounts in every integration engine is a maintenance burden and a security risk. The OIDC plugin lets BridgeLink authenticate against your existing identity provider over OpenID Connect, an open standard built on OAuth 2.0. You manage users, roles, and credentials in one place, enforce consistent policies across systems, and eliminate locally stored passwords, all while avoiding lock-in to any single vendor.

Capabilities

What it does.

Works with leading IdPs

Integrate with providers like Google and Okta over OIDC, an open standard built on OAuth 2.0, avoiding vendor lock-in.

Centralized identity

Manage users, roles, and credentials in one place and enforce consistent authentication policies across systems.

Stronger security

Eliminate local password storage, support multi-factor authentication, and use short-lived, cryptographically signed JWTs.

How it works

Get started in minutes.

  1. Register BridgeLink with your IdP

    Create an OAuth client in your identity provider, for example Google or Okta, and note the Client ID, Secret, and callback URLs.

  2. Configure OIDC in BridgeLink

    Open Settings > OIDC, enable the feature, and enter your Issuer URL, Client ID, Secret, and callback URLs.

  3. Test the connection

    Run the built-in connection test to confirm BridgeLink can reach your provider and read its claims.

  4. Set your login policy

    Optionally require OIDC for all logins with an emergency exception user, and auto-provision new users with roles read from token claims.
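Before entering the Issuer URL in step 2, an administrator can sanity-check the provider's discovery document themselves. The following is an added example, not BridgeLink code and not a description of what the built-in connection test does; it assumes the provider publishes OpenID Connect Discovery metadata, and the function names and the idp.example.test sample documents are constructed for illustration.

```python
from urllib.parse import urlsplit

# Metadata fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri", "userinfo_endpoint")


def discovery_url(issuer: str) -> str:
    """Location of the discovery document for an Issuer URL (which may include a path)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_metadata(configured_issuer: str, meta: dict) -> list[str]:
    """Return a list of problems; an empty list means the metadata passed every check."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in meta]
    # The issuer in the document must equal the configured Issuer URL exactly;
    # otherwise ID tokens will carry an "iss" claim that does not match the configuration.
    if meta.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: {meta.get('issuer')!r}")
    for k in ENDPOINTS:
        if k in meta and urlsplit(meta[k]).scheme != "https":
            problems.append(f"{k} is not https: {meta[k]}")
    # Discovery requires providers to offer RS256 for ID token signatures.
    if "RS256" not in meta.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 not offered for ID token signing")
    return problems


# Constructed sample documents (idp.example.test is a placeholder provider).
ISSUER = "https://idp.example.test/oauth2/default"
GOOD = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/v1/authorize",
    "token_endpoint": ISSUER + "/v1/token",
    "jwks_uri": ISSUER + "/v1/keys",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Same document with a trailing slash on the issuer and a plain-http JWKS URL.
BAD = dict(GOOD, issuer=ISSUER + "/", jwks_uri="http://idp.example.test/keys")

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    print(check_metadata(ISSUER, GOOD))
    print(check_metadata(ISSUER, BAD))
```

To check a real provider, fetch the JSON at the URL returned by `discovery_url()` and pass the parsed document to `check_metadata()` along with the exact Issuer URL you plan to configure.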

Requirements

What you'll need.

  • An OpenID Connect identity provider, for example Google or Okta
  • An OAuth 2.0 client registered with your provider (Client ID and Secret)
  • Callback URLs configured on both your provider and BridgeLink
  • The Access Control plugin if you want roles assigned from OIDC claims

FAQ

Frequently asked questions.

Which identity providers are supported?

Any OpenID Connect provider. The guide walks through Google and Okta, and the same steps apply to other OIDC-compliant identity providers.

Can I require everyone to log in through OIDC?

Yes. Enable 'Only allow OIDC login' to require it for all users, and add an exception user for emergency fallback access.

How do service accounts still use the API?

Enable 'API Basic for Service Accounts' and select the account that may use the BridgeLink API, so automated integrations keep working alongside OIDC.

Are users created automatically?

With auto-provisioning on, a new BridgeLink user is created on first OIDC login and assigned a role read from token claims (Groups, Roles, or a custom pattern).

Does it improve security?

Yes. OIDC eliminates local password storage, supports multi-factor authentication at your provider, and uses short-lived, cryptographically signed JWTs.

Availability

Available as a BridgeLink plugin, configured against your own OIDC identity provider such as Google or Okta.

Add OIDC to BridgeLink.

Talk to us about your deployment, or read the full user guide to get started.