
Use OpenID to authenticate

OpenID Connect is a well-defined standard built on OAuth 2.0. If you want your users to authenticate in Bynder with OpenID, make sure you provide us with the right details and configure your end of the infrastructure.

Configure OpenID

  1. Configure Bynder as an application in your OpenID infrastructure.

  2. Grant the Bynder application the “openid”, “email”, and “profile” roles (or equivalent) so that it can access the “email”, “givenName”, and “familyName” fields in addition to the standard OpenID “sub” field.

Things to provide to Bynder

Make sure you provide your Implementation team or your Customer Success Manager with the following data so that we can make the authentication work for you:

  • client_id and client_secret

  • endpoints for authorization_endpoint and token_endpoint

  • If you need userinfo_endpoint to access further information (such as email, givenName, familyName), supply the userinfo_endpoint as well.

  • If you want to map Bynder profiles or groups based on a field from the OpenID Connect data, supply the following:

    1. the name of the field

    2. whether the field should be obtained from the userinfo_endpoint or the id_token

    3. profiles in Bynder that you want the field to be mapped to, or groups if you want to map groups.

      Note

      The profiles are a 1:1 mapping, so make sure you send a single field as the profile field to avoid ambiguities.

  • Let us know whether you want users who successfully authenticate on your side to be allowed to access Bynder.

    • If you want all users who successfully authenticate to access Bynder, and all others to be denied, then Bynder must ensure that the Bynder “defaultProfile” is not present.

    • If you do not want profile mapping to be configured, or if you want users that do not match a Bynder profile to still receive Bynder access, then inform Bynder which Bynder profile non-matching users should receive.
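
Added example, not Bynder's code: a Python pre-flight check you can run against claims from your own identity provider before handing the details over. The field name "department", the profile names and the sample claims are constructed, and the fallback/deny logic is an assumed model of the behaviour described above.

```python
import base64
import json

# Field names as listed on this page.
REQUIRED_FIELDS = ("sub", "email", "givenName", "familyName")

def decode_claims(id_token):
    """Decode a JWT payload for inspection only. The signature is NOT verified."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(id_claims, userinfo, field, source, profile_map, default_profile=None):
    """Return (outcome, problems); outcome is a profile name or 'DENY'."""
    userinfo = userinfo or {}
    # OIDC Core: the UserInfo 'sub' must match the ID token 'sub' exactly.
    if userinfo and userinfo.get("sub") != id_claims.get("sub"):
        return "DENY", ["userinfo sub does not match id_token sub"]
    problems = []
    available = {**id_claims, **userinfo}
    for name in REQUIRED_FIELDS:
        if name not in available:
            problems.append(f"missing field: {name}")
    # Read the mapping field only from the source agreed with Bynder.
    claims = id_claims if source == "id_token" else userinfo
    value = claims.get(field)
    # Assumption: a one-element list counts as a single value.
    if isinstance(value, (list, tuple)) and len(value) == 1:
        value = value[0]
    if not isinstance(value, str):
        # Profiles map 1:1, so a missing or multi-valued field is ambiguous.
        problems.append(f"{field} in {source} must be present with exactly one value")
        value = None
    profile = profile_map.get(value)
    # No match: fall back to the default profile if one is configured, else deny.
    return (profile or default_profile or "DENY"), problems

if __name__ == "__main__":
    # Constructed sample data.
    id_claims = {"sub": "u1", "department": ["marketing", "sales"]}
    userinfo = {"sub": "u1", "email": "a@example.com",
                "givenName": "Ada", "familyName": "Example"}
    mapping = {"marketing": "Marketing profile"}
    print(preflight(id_claims, userinfo, "department", "id_token", mapping))
```

decode_claims is for inspecting a token you already obtained from your own provider; it does not replace signature validation.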
