Back
IAM
CDNetworks Documentation IAM User Guide OIDC SSO Basic Process

OIDC SSO Basic Process

Last update:2026-03-25 15:16:49

OIDC (OpenID Connect) is an authentication protocol built on top of OAuth 2.0. CDNetworks supports user SSO based on OIDC.

SSO basic concepts

Concept Description
OIDC OIDC stands for OpenID Connect, which is an authentication protocol built on top of OAuth 2.0. OAuth is an authorization protocol, while OIDC adds an identity layer to the OAuth protocol. In addition to the authorization capabilities provided by OAuth, it allows clients to verify the identity of the end user and obtain basic user information through the API (in HTTP RESTful format) provided by the OIDC protocol.
OIDC token OIDC can issue identity tokens on behalf of logged-in users, known as OIDC tokens. These tokens are used to obtain basic information about the logged-in user.
Client ID When your application is registered with an external IdP, a Client ID is generated. You must use this Client ID when requesting the issuance of an OIDC token from the external IdP. The issued OIDC token will also carry this Client ID in the aud field. When creating an OIDC identity provider, configure this Client ID, and then when exchanging the OIDC token for an STS token, the Client ID carried in the aud field of the OIDC token will be validated against the Client ID configured in the OIDC identity provider. Only if they match will login be permitted.
Identity Provider URL OIDC identity provider identifier. This is the address used to obtain OIDC metadata, typically ending with /.well-known/openid-configuration.
Mapping Fields The field in the OpenID Connect identity provider that maps to the CDNetworks Console username.
Signature Public Key The public key used to verify the signature of the OpenID Connect identity provider’s ID token.

Basic Process

  1. Register the application with an external IdP to obtain the application’s Client ID.
  2. Create an OIDC identity provider in the console’s access control, configuring the trust relationship between CDNetworks and the external IdP.
  3. Issue an OIDC token from the external IdP.
  4. Use the OIDC token to obtain temporary credentials.
  5. Use the temporary token to access the CDNetworks console.
Is the content of this document helpful to you?
Yes
I have suggestion
Submitted successfully! Thank you very much for your feedback, we will continue to strive to do better!

CDNetworks Inc., © 2025. 1840 Enterprise Way, Monrovia, CA 91016 – All rights reserved.