Document toolboxDocument toolbox

OIDC based external authentication for Kyvos Web Portal

Applies to: Kyvos Enterprise  Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace   Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)


OpenID Connect (OIDC) is a federated SSO authentication protocol built over OAuth2.0 and is already supported for authentication in the Kyvos Web Client. Kyvos also provides connectivity for third-party BI tools like XLCubed, Tableau, Power BI, etc.,
From Kyvos 2023.5 onwards, Kyvos supports OIDC authentication (Browser-based login/SSO ) for Excelerate desktop and web version.

To configure the OIDC (Auth2.0) as an external authentication provider for the Kyvos Web Portal, perform the following steps. 

  1. On the navigation pane, click Security > Web based SSO.
    The Web based SSO dialog is displayed. 

  2. Select the Enable External Authentication check box to define the external authentication mechanism for the Kyvos Web portal.

  3. Select the OIDC option from the Provider list.

  4. Enter details as:

Parameter/Field

Comments/Description

Parameter/Field

Comments/Description

Header Name

Enter the name of the HTTP header that contains the user name in the HTTP request.

Header Type

Select the type of value to be sent by the external authentication tool as an SSO token.

Error Redirection URL

Enter the URL to which the user will be redirected if there is an error in authenticating the Kyvos application with OIDC
Absolute URLs are supported. 
For example: http://host:port/appname

  1. For OIDS Settings for Confidential Client and Public client, enter details as:

  1. Click the Save button to save changes.

Configuration type and supported tool

Configuration Type

Kyvos Web Portal

Excelerate Desktop

Excelerate Web

Confidential OIDC

Public OIDC

Copyright Kyvos, Inc. All rights reserved.