Retarus Intelligent Document Processing (IDP) supports Single Sign-On (SSO) integration using the OpenID Connect (OIDC) protocol. Your users can authenticate using their existing identity provider credentials instead of maintaining separate Retarus-specific passwords.
SSO integration provides:
- Simplified access
  Users sign in to Retarus IDP using their existing corporate credentials.
- Automatic permissions
  Users automatically receive appropriate roles based on mapped role/group claims.
- Streamlined management
  You don't need to manage additional passwords.
The integration uses the standard OIDC flow with Keycloak acting as the OIDC broker (client). Your identity provider authenticates users, while Retarus IDP authorizes access based on role mappings derived from id_token claims.
To enable SSO integration, provide:
- Discovery endpoint URL from your OIDC-compliant identity provider (e.g., Microsoft Entra ID)
- Client ID and Client Secret
- Redirect URI (callback URL) registered in your identity provider
- Information about your role/group claims structure
For more information, see the OIDC Identity Provider Setup Guide.
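To work out the role/group claims structure requested above, and to see how roles can be derived from id_token claims, the following added example (not Retarus or Keycloak code) resolves a claim path in a decoded token payload and maps the values to roles, granting nothing for unmapped values. The role names, the claim paths and the sample token are constructed assumptions, and the payload is decoded for inspection only, without signature validation.

```python
import base64
import json

# Hypothetical mapping from IdP group values to application roles (names are assumptions).
ROLE_MAP = {"idp-admins": "admin", "idp-reviewers": "reviewer"}


def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (used for the sample only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token with a placeholder signature; it is never validated here.
SAMPLE_ID_TOKEN = ".".join([
    b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({"sub": "user-1", "groups": ["idp-admins", "unmapped-group"],
            "resource": {"roles": "idp-reviewers"}}),
    "placeholder-signature",
])


def decode_payload(id_token):
    """Decode the JWT payload for inspection. The broker must still verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))


def claim_values(claims, path):
    """Resolve a dotted claim path to a list of strings; a missing path yields []."""
    node = claims
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return []
        node = node[key]
    if isinstance(node, str):  # some providers emit a single value as a bare string
        return [node]
    return [v for v in node if isinstance(v, str)] if isinstance(node, list) else []


def map_roles(claims, path, role_map=ROLE_MAP):
    """Map claim values to roles; values absent from role_map grant no role."""
    return sorted({role_map[v] for v in claim_values(claims, path) if v in role_map})


if __name__ == "__main__":
    payload = decode_payload(SAMPLE_ID_TOKEN)
    print(map_roles(payload, "groups"), map_roles(payload, "resource.roles"))
```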