User authentication

Quria uses OpenID Connect to authenticate users. OpenID Connect is a widely spread solution that enables SSO (Single sign-on) and simplifies the administration of user accounts in a municipality. User accounts are administered centrally including handling of passwords, adding/deleting employees etc. The administration of passwords and the rules, e.g. for 2-factor authentication, are all set up in the OpenID Connect Providers implementation.

OpenID Connect is an open standard and decentralized authentication protocol. Promoted by the non-profit OpenID Foundation, it allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party service, eliminating the need for webmasters to provide their own ad hoc sign-in systems. Users can sign in to multiple unrelated websites without having to have a separate identity and password for each.

The users that need access to Quria have to be registered in Quria to get correct permissions and roles. But only the user’s email address is needed, the Quria administrator does not have to handle any passwords.

Verified providers

Currently, the following OpenID Connect providers are supported in Quria:

• Google

• Azure

• Keycloak

• Nexus

• ADFS

• MobilityGuard

See also: OpenID provider configuration and OpenID authentication configuration with scope = “openid email profile”