Connect your enterprise SSO with S-360 Backoffice


Attacks are becoming increasingly frequent and require constant investment in security, which is why security is one of SecuTix's top priorities. We regularly invest in new technologies and new features to provide our clients with a high level of security. Securing access to the S-360 back office is part of our security initiatives.

Solution

We now offer a standard way to integrate with an OpenID Connect (OIDC) SSO provider. This helps secure access to the S-360 back office if you are not already using our MFA solution.

Getting started

This integration only works with the OIDC protocol.

Step 1: Prepare Configuration

Create the OIDC configuration using the following template:

{
  "protocol": "OIDC",
  "default": "<To be input>",
  "name": "<To be input>",
  "callbackUrl": "<To be input>",
  "stxAccountAttribute": "<To be input>",
  "clientId": "<To be input>",
  "clientSecret": "<To be input>",
  "discoveryUri": "<To be input>"
}

 

| # | Parameter | Description | Example |
|---|-----------|-------------|---------|
| 1 | protocol | "OIDC": Fixed value for OIDC authentication. | OIDC |
| 2 | default | Defines the default login page: true → uses the delegated login page by default; false → uses the STX login page by default. | true |
| 3 | name | Institution code | PLAY |
| 4 | callbackUrl | The URL where the OIDC provider will redirect after. Format: https://<institution url>/cas/login?client_name=<Instit_Code> | https://play.int2-pos.secutix.com/cas/login?client_name=PLAY |
| 5 | stxAccountAttribute | Defines the OIDC claim used to identify the operator in STX. Currently, only the email address claim is supported. The email address returned by the OIDC provider must match the operator’s internal email in STX. This ensures the login is mapped correctly to the operator’s account. | Optional claims: email |
| 6 | clientId | The application's client ID for authentication. | Application (client) ID: XXXXXXXX-b0cc-XXXX-a0c3-3eb69b264e79 |
| 7 | clientSecret | A confidential key for authenticating with the OIDC provider. | Secret ID: XXXXXXXX-001e-XXXX-862b-4dc3409c3763 |
| 8 | discoveryUri | The endpoint to retrieve OIDC metadata (e.g., authorization, token, and user info endpoints). | OpenID Connect metadata document: https://login.microsoftonline.com/XXXXXXXX-4c7f-XXXX-8511-d45615e6f78d/v2.0/.well-known/openid-configuration |

 

Example:

{
  "protocol": "OIDC",
  "default": "true",
  "name": "PLAY",
  "callbackUrl": "https://play.int2-pos.secutix.com/cas/login?client_name=PLAY",
  "stxAccountAttribute": "email",
  "clientId": "XXXXXXXX-b0cc-XXXX-a0c3-3eb69b264e79",
  "clientSecret": "XXXXXXXX-001e-XXXX-862b-4dc3409c3763",
  "discoveryUri": "https://login.microsoftonline.com/XXXXXXXX-4c7f-XXXX-8511-d45615e6f78d/v2.0/.well-known/openid-configuration"
}

 

Step 2: Apply Configuration in STX

Contact the Service team, who will activate the configuration in your environment.

Step 3: Configure the Callback URL in the OIDC Provider

Add the callbackUrl (same as in Step 1) to the OIDC provider’s Redirect URIs or Callback URLs section.
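
A pre-flight check for the Step 1 JSON, added here as an example and not SecuTix's own code: it applies the rules from the parameter table (fixed protocol, email claim only, callback URL format, client_name equal to name) so mistakes are caught before the configuration goes to the Service team and the callback URL is registered with the provider. The function name, the sample IdP values and the requirement that discoveryUri be an https URL ending in /.well-known/openid-configuration are assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qs

REQUIRED = ("protocol", "default", "name", "callbackUrl", "stxAccountAttribute",
            "clientId", "clientSecret", "discoveryUri")
PLACEHOLDER = "<To be input>"          # template marker from Step 1
WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample: the IdP values are placeholders, not real credentials.
SAMPLE = json.dumps({
    "protocol": "OIDC", "default": "true", "name": "PLAY",
    "callbackUrl": "https://play.int2-pos.secutix.com/cas/login?client_name=PLAY",
    "stxAccountAttribute": "email",
    "clientId": "example-client-id", "clientSecret": "example-secret",
    "discoveryUri": "https://idp.example.com/tenant/v2.0" + WELL_KNOWN,
})

def check_oidc_config(raw):
    """Return a list of problems in the Step 1 JSON; an empty list means OK."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    # Assumption: every value is a JSON string, as in the page's example.
    problems = [f"{k}: missing, empty or still a placeholder" for k in REQUIRED
                if not isinstance(cfg.get(k), str)
                or cfg[k].strip() in ("", PLACEHOLDER)]
    if problems:
        return problems
    if cfg["protocol"] != "OIDC":
        problems.append("protocol: must be the fixed value OIDC")
    if cfg["default"] not in ("true", "false"):
        problems.append("default: must be true or false")
    if cfg["stxAccountAttribute"] != "email":
        problems.append("stxAccountAttribute: only the email claim is supported")
    cb = urlsplit(cfg["callbackUrl"])
    if cb.scheme != "https" or not cb.hostname or cb.path != "/cas/login":
        problems.append("callbackUrl: expected https://<institution url>/cas/login")
    if parse_qs(cb.query).get("client_name") != [cfg["name"]]:
        problems.append("callbackUrl: client_name must equal name")
    disc = urlsplit(cfg["discoveryUri"])
    if disc.scheme != "https" or not disc.path.endswith(WELL_KNOWN):
        problems.append("discoveryUri: expected https URL ending in " + WELL_KNOWN)
    return problems

if __name__ == "__main__":
    print(check_oidc_config(SAMPLE) or "configuration looks consistent")
```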


Testing

The email address returned by the OIDC provider must match the operator’s internal email in STX. If the emails do not match, the login will fail.


Additional information

  • To disable OIDC, please contact our Service team.

  • Only one delegated authentication is applied per institution, so you won’t be able to use two different OIDC SSO providers for your institution.

  • All operators must be created manually.

  • The operator’s email must be set to the email used to log in to the external IdP system.

  • There is no event trigger between the Backoffice and the external IDP system, so any action that modif

© SecuTix 2023