Articles on: Workspace

How do I enable OpenID SSO authentication?

With OpenID-based single sign-on (SSO), your users can access MerciApp through the identity provider of your choice.


SSO is only available for MerciApp Enterprise subscriptions and can only be configured by a space owner.


How single sign-on works


  • When a member tries to log in to MerciApp via single sign-on, an OpenID request is sent by MerciApp to the identity provider.
  • The identity provider reviews the member's login information and sends a response to MerciApp to certify the user's identity.
  • Once this verification is complete, MerciApp validates access, allowing the member to log in to their MerciApp account.


What happens after single sign-on is activated?


When single sign-on is first configured, existing MerciApp users will be able to continue accessing their accounts without interruption. However, the next time they log out, their session expires, or they attempt to log in from a new device, they will be redirected to the single sign-on process.


All other login options will be disabled for users, including email and password, Google, and LinkedIn login methods.


Setting up single sign-on


Identity providers


You can use any identity provider of your choice as long as it offers authentication via the OpenID protocol. Here are some of the most commonly used ones:


  • OKTA
  • Microsoft Azure AD
  • OneLogin
  • Microsoft ADFS
  • Auth0
  • Google SSO
  • JumpCloud SSO


General configuration


To configure OpenID Connect:


  1. Go to your space settings in the "Settings" tab. Click on "Security" to expand the configuration options. Leave this page open for later.
  2. Contact your identity provider's administrator to obtain the necessary information.


You will need your identity provider's configuration URL. This URL is called the Discovery URL or Well-Known URL, and can be found in your identity provider's documentation.


Depending on the authentication method selected, you will also need to enter the following variables:


  • Client ID: this is the client ID for the MerciApp configuration in your identity provider.
  • Client Secret: this is the client secret for the MerciApp configuration in your identity provider.


Identity provider configuration


This step must be performed on your new application with your identity provider. This tells the provider what information is expected about a user when they log in to their MerciApp space.


Configuring transmitted user attributes (required)


The required scopes are email, profile.


Configuring teams (optional)


It is possible to automatically link your company's users to teams within your MerciApp space. If the users already exist on the MerciApp side, they will be linked to their team the next time they log in.


Configuring login URLs


You will need to authorize the MerciApp redirect URL (also called Callback URL): https://web.merci-app.com/sso/callback.


You will also need to specify the login URL (also called Login URL). You can find it in the yellow box on the SSO settings page of your MerciApp space.


Example of OpenID SSO configuration information


Activation


We recommend that you notify existing users before activating SSO.


Once your users have been notified, click on the "Activate and close" button to confirm the integration of OpenID SSO on your space.


After activation, all other login options will be disabled for users, including email and password, Google, and LinkedIn login methods.

Updated on: 11/02/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!