# OpenID Connect

### Step 1: Choose your SSO provider

In Avion, go to your organization's **Single Sign-On** section. Select **OpenID Connect** from the list of available providers:

![](https://3578170569-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LL6HR00hwiJJav4pLph%2Fuploads%2FsKFO6qLxgcxouooqN23i%2Fopenid-connect-selection.png?alt=media\&token=db42ffae-d559-41fb-a381-999e7813fe66)

### Step 2: Configure SSO

To ensure a successful integration, Avion requires a **Form POST** redirect behaviour after authentication.

You will also need the following settings from your identity provider:

* Client ID
* Client Secret
* Authorization Endpoint
* Token Endpoint
* UserInfo Endpoint

{% hint style="info" %}

#### Additional scopes *(optional)*

In order to successfully authenticate sign in requests, your OpenID Connect service must allow access to **profile** and **email address** information from your **UserInfo** endpoint. The shape of this data must follow OIDC specifications.\
\
Avion already uses industry standard scopes by default, including: **`openid`**, **`profile`** and **`email`.**\
\
However, if your service requires the use of additional scopes to allow access to this data, please ensure these are entered as a **space-delimited** string.
{% endhint %}

#### OpenID Connect setup form

![](https://3578170569-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LL6HR00hwiJJav4pLph%2Fuploads%2FZKql8pLRC9RyRjtH5Hef%2Fopenid-connect-setup-form.png?alt=media\&token=a2833c79-1336-436a-99ab-340bca34032b)

Once you have your OpenID Connect settings ready, populate the setup form with the relevant details, hit **Save Configuration** and you're done!