Orchestration SDKs

Introducing OIDC Sign-on

Servers: PingOne, PingOne Advanced Identity Cloud, PingAM, OIDC-compliant servers

Platforms: Android, iOS, JavaScript

The OIDC module helps you sign on to your authorization server using an OpenID Connect flow, leveraging the server’s own UI to authenticate users in your apps.

We call this OIDC sign-on, but it was previously known as centralized login.

With this option, you reuse the same, centralized UI for sign-on requests in multiple apps and sites.

When a user attempts to log in to your app they are redirected to your server’s central sign-on UI. After the user authenticates, they are redirected back to your app.

Changes to authentication journeys or DaVinci flows are immediately reflected in all apps that use OIDC sign-on without the need to rebuild or update the client app.

Likewise, any features your server’s UI supports are also available for use in your web or mobile apps.

Figure 1. OIDC sign-on in Android
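
The redirect round trip described above, as an added example that is not Ping SDK code: it builds the request that sends the user to the central sign-on UI and validates the redirect back before any token exchange. It assumes the authorization code flow with PKCE; the endpoint, client ID and redirect URI are constructed placeholders, and Node's built-in crypto module stands in for the platform's.

```javascript
// Added illustration, not SDK code. All URLs and IDs are constructed placeholders.
const { randomBytes, createHash } = require("node:crypto");

const b64url = (buf) => buf.toString("base64url");

// Step 1: build the redirect to the server's central sign-on UI.
function buildAuthRequest({ authorizeEndpoint, clientId, redirectUri, scope }) {
  const state = b64url(randomBytes(16));    // binds the callback to this request
  const verifier = b64url(randomBytes(32)); // PKCE code_verifier, never leaves the app
  const challenge = b64url(createHash("sha256").update(verifier).digest());
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
    code_challenge: challenge,
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), state, verifier };
}

// Step 2: validate the redirect back to the app, then prepare the token request.
function parseCallback(callbackUrl, { clientId, redirectUri, state, verifier }) {
  const cb = new URL(callbackUrl);
  const registered = new URL(redirectUri);
  if (cb.origin !== registered.origin || cb.pathname !== registered.pathname) {
    throw new Error("callback does not match the registered redirect URI");
  }
  const params = cb.searchParams;
  // Check state first: an unsolicited or replayed response is rejected outright.
  if (params.get("state") !== state) throw new Error("state mismatch");
  if (params.has("error")) throw new Error(`sign-on failed: ${params.get("error")}`);
  const code = params.get("code");
  if (!code) throw new Error("missing authorization code");
  // The app only ever handles a one-time code, never the user's credentials.
  return new URLSearchParams({
    grant_type: "authorization_code",
    client_id: clientId,
    code,
    redirect_uri: redirectUri,
    code_verifier: verifier,
  });
}
```

The app stores `state` and `verifier` from step 1 for the duration of the redirect and passes them to step 2; the returned body is what gets posted to the server's token endpoint.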

Use cases

If you require a consistent UI and user experience (UX) in all your apps and sites, using OIDC sign-on may be the best option.

Simple branding and control over your authentication UX is sufficient.

Your mobile apps use browser-based single sign-on.

Security considerations

Using OIDC sign-on in apps built by a third party is safer than using embedded sign-on.

Third parties cannot access user credentials.

User credentials are authenticated in one domain/origin and not sent elsewhere for authentication.

Your apps and sites can use browser-based single sign-on.

Next steps

Discover how to implement OIDC sign-on on the following platforms: