This guide explains how your company can connect its own Identity Provider (IdP) to the Cofinity-X Portal for Single Sign-On (SSO) using OIDC (OpenID Connect).
In the Cofinity-X Portal, you can add your company IdP under:
Technical Setup → Identity Provider Configuration → Add Identity Provider
During the setup, you must provide your IdP connection details and register the redirect URL generated by the portal in your IdP configuration.
Before you start
To connect your own IdP, you need:
an OpenID Connect-compatible IdP, such as Azure AD, Keycloak, or another OIDC provider
the following configuration values from your IdP:
Metadata URL ending in /.well-known/openid-configuration
Client ID
Client Secret
the Redirect URL generated by the Cofinity-X Portal
The redirect URL must be registered in your IdP exactly as provided. Wildcards are not supported.
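The requirements above can be checked before you enter anything in the portal. The following is an added example, not part of the Cofinity-X guide or portal: it validates a metadata URL with its discovery document and compares the portal redirect URL against the entries registered in the IdP. All hosts, paths and the discovery document are constructed sample values, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample values (hypothetical hosts, not real Cofinity-X or IdP URLs).
METADATA_URL = "https://idp.example.com/realms/acme" + SUFFIX
PORTAL_REDIRECT = "https://portal.example.com/auth/broker/acme/endpoint"
DISCOVERY_JSON = """{
  "issuer": "https://idp.example.com/realms/acme",
  "authorization_endpoint": "https://idp.example.com/realms/acme/auth",
  "token_endpoint": "https://idp.example.com/realms/acme/token",
  "jwks_uri": "https://idp.example.com/realms/acme/certs"
}"""

def check_metadata(metadata_url, doc):
    """Return problems with the metadata URL and the document it serves."""
    problems = []
    url = urlsplit(metadata_url)
    if url.scheme != "https":
        problems.append("metadata URL is not https")
    if not url.path.endswith(SUFFIX):
        problems.append("metadata URL does not end in " + SUFFIX)
    for key in REQUIRED:
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append("missing or non-https field: " + key)
    return problems

def check_redirect(portal_redirect, registered):
    """Return problems with the redirect URLs registered in the IdP."""
    problems = ["wildcard entry is not supported: " + u for u in registered if "*" in u]
    if portal_redirect in registered:
        return problems
    def norm(u):
        return u.rstrip("/").lower()
    near = [u for u in registered if norm(u) == norm(portal_redirect)]
    if near:
        problems.append("differs only by case or trailing slash: " + near[0])
    else:
        problems.append("portal redirect URL is not registered")
    return problems

if __name__ == "__main__":
    doc = json.loads(DISCOVERY_JSON)
    found = check_metadata(METADATA_URL, doc)
    found += check_redirect(PORTAL_REDIRECT, [PORTAL_REDIRECT + "/"])
    for p in found:
        print("FAIL:", p)
```

In practice, `doc` is the JSON returned when you fetch the metadata URL, and `registered` is the list of redirect URLs configured for the client in your IdP.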
Configure your Identity Provider in the Cofinity-X Portal
Go to:
Technical Setup → Identity Provider Configuration → Add Identity Provider
Select the following options:
Authentication Type: OIDC
Identity Provider Type: Own
After creating the IdP entry, you need to configure the connection details to your company IdP.
Information you must provide
When setting up the connection, you need to enter:
Metadata URL
Client ID
Client Secret
Redirect URL generated by the portal
After entering the required values, save the configuration and proceed with the setup.
Notes on common IdP terminology
In Azure, the Application ID is your Client ID
In Keycloak and similar systems, this value is usually called Client ID
After entering the required information, save the configuration and proceed to the next step.
Connect your existing user account
To activate your IdP, your existing Cofinity-X user account must be linked with your user identity from the newly added IdP.
Depending on your setup, this user identifier may be:
your Provider ID if you are using Azure
your email address for other IdPs
You can find the Azure Provider ID retrieval steps further below in this guide.
Important note for custom company IdPs
For standard setups such as Azure AD or Keycloak, the portal setup usually works directly as described.
If your company uses its own custom OIDC provider or a setup that does not map the user email in the standard way, an email mapper must be added manually on our side.
In such cases, please contact [email protected] so we can enable the required email mapping for your company.
Without this email mapping, users may not be matched correctly to their existing Cofinity-X accounts during login.
Additional Helpful Resources
Configuring Azure as an example to retrieve necessary details.
Create New Enterprise Application.
Log in to your Microsoft Azure account.
Navigate to Enterprise Applications.
Create New Application
Register the Application.
From the Homepage, navigate to App Registrations.
Register your Application
In your application, navigate to ‘Overview’. The application ID is your Client ID needed in the above step of configuring the connection details to your company IdP.
In your application, navigate to ‘Manage’ >> ‘Certificates & Secrets’ and create a new secret. This will be your Client Secret in the above step of configuring the connection details to your company IdP.
In your application, navigate to ‘Overview’. Locate the Endpoints option and you will find a list of endpoints. Your Metadata URL is the endpoint that ends in ‘/.well-known/openid-configuration’.
Register the redirect URL in your OpenID instance
Copy and paste the redirect URL from Portal in the Authentication
Retrieving the Provider ID from Cofinity-X:
Here are the steps you can follow to retrieve your Provider ID:
First, if you haven't already, create a managed IdP in the Cofinity-X Portal.
Log out from your company and log in to the newly created managed IdP in the Cofinity-X Portal.
Upon logging in, you may be prompted to log in to Azure. After successful login, you'll see a screen that displays the username, which you can use as the "ProviderId" in the invitation payload.
For any questions, feel free to reach out to [email protected].








