SSO Integration with OpenID Connect (OIDC)

Overview

OpenID Connect (OIDC) is a standard that allows users to sign in with an existing identity provider (IdP), such as Microsoft Entra ID, Okta, Duo, or other OIDC-compliant providers. Atria uses OIDC to support customer-managed authentication without requiring a custom integration for each provider.

Version Availability

OIDC SSO integration to the Atria login experience is available from Atria 15.31.

How OIDC Integrates with Atria

By integrating Atria with your own OpenID Connect (OIDC) identity provider, authentication into Atria is delegated to your existing identity system rather than relying on Atria’s built-in authentication or legacy direct integrations.

With OIDC in Atria, you can:

• Enable customer SSO using their existing identity provider.
• Support multiple customer IdPs without writing one-off provider integrations.
• Allow Multiple iDP providers per customer
• Redirect users from external systems directly into the Atria login flow.
• Enforce a default iDP provider per customer or platform wide.

Why Use This?

Using OIDC for customer authentication helps you:

• Improve user experience by allowing sign-in with existing customer credentials.
• Reduce password fatigue and account sprawl for end users.
• Provide a cleaner integration path for hosted services and ISV scenarios.
• Standardize authentication across customers while still allowing IdP flexibility.

Prerequisites

Before configuring OIDC in Atria, confirm:

• You have admin access to both Atria and the customer identity provider.
• The provider supports OIDC and standard OAuth 2.0 endpoints.
• You have a planned redirect/sign-in journey for users entering from external systems.
• You have a process for handling and rotating client secrets securely.

Login URL Parameters

The Atria login page can be driven by URL parameters to support direct sign-in journeys.

Examples:

• {AtriaURL}/login
  Opens the standard login page.
• {AtriaURL}/login?username=<user>
  Prefills the username field and shows the password path.
• {AtriaURL}/login?customerUniqueId=<guid>
  Loads the customer-specific login flow and provider options.
• {AtriaURL}/login?customerUniqueId=<guid>&username=<user>
  Combines customer context with a prefilled username.

Supported Identity Providers

Atria supports providers that follow OpenID Connect (OIDC) and OAuth 2.0 standards.

Common examples:

• Entra ID: https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc
• NetScaler: https://docs.netscaler.com/en-us/citrix-adc/current-release/aaa-tm/authentication-methods/oauth-authentication/citrix-adc-oauth-idp.html
• Duo: https://duo.com/docs/sso-oidc-generic
• Okta: https://developer.okta.com/docs/concepts/oauth-openid/

We have not validated every provider individually. If a provider is standards-compliant, it should work with the Atria OIDC integration.

OIDC Setup in Atria

Detailed setup and operational guides are available in the following sub-pages:

1. OIDC IDP Provider Setup
2. Configure Entra ID as an OIDC IdP
3. Managing OIDC IDP Providers for Customers and Users
4. Troubleshooting OIDC IDP Integration Issues

Ability to set up one iDP provider for many customers

For our traditional DaaS providers or ISVs - You can configure solutions such as Netscaler/EntraID in a Multi-Tenant configuration. This means that you are able to create one OIDC Application and then have each of your customers use this provider and allow the application into their tenant. The benefits of this are

• Set up one application, for many customers
• Each new customer onboarded will be set as this option
• Ability to override at points in the hierarchy, or have multiple iDP providers for each client.