OpenID Connect support in BoldReports

The Bold Reports® application can be configured to support OpenID Connect for Single Sign-On (SSO), allowing users to log in directly to the Bold Reports® application after authenticating using OpenID Connect.

Prerequisites

  1. An account with an OpenID Connect provider.

  2. Register the Bold Reports® application in the OpenID Connect provider.

Steps to configure OpenID Connect in BoldReports

  1. Click the Settings option in the left-side panel of the Report Server.

  2. Navigate to the Authentication tab and OpenID Connect as shown in the following image Active Directory Settings

    Active Directory Settings

  3. Provide the following details in the OpenID Connect settings of BoldReports application.

Provider Name It represents the name of the authentication provider to be displayed on the login page.
Provider Logo It represents the logo of the authentication provider to be displayed on the login page.
Authority It is the instance created within the provider for the user.
Client ID It is a unique identifier provided to each of the applications while registering with the providers.
Client Secret It is a secret key used to authorize the applications.
Identifier It is the property name that stores the email address of the user in the deserialized ID token.
Logout Endpoint It is an endpoint that logs out the third-party provider.

Note: While configuring OpenID Connect, you need to choose the appropriate Response Type either token-id or code for the Group Claims settings.

Response Type

Group Claims Authentication

This section allows automatic user and group mapping based on the group claim received in the authentication token. The claims are typically represented as a JSON object containing key-value pairs for each claim. Provide the appropriate JSON key to identify the group claim value.

Enable User and Group Mapping When enabled, the system fetches group claim values from the token and dynamically maps users to one or more groups during login.
Un-map Existing Groups of User and map to New Group When enabled, all previously assigned groups for the user are removed, and the user is mapped only to the groups specified in the claim.
Group Claim Name Enter the claim name that contains the group identifiers. Users will be mapped only if the group names in the claim match existing groups in the site.

Group-Claims-Settings

Note: Please refer to the OpenID Connect authentication documentation for more information.