Blanchard Exchange supports Single Sign On using OpenID Connect using either hybrid flow or authorization code flow.
To get started, first submit a request. Be sure to include your company name and include in your request that you wish to enable SSO using OpenID Connect. We may ask for additional details to correctly identify your account.
Next, you'll need to set up Blanchard Exchange as a OpenID Client in your OpenID Provider.
Instructions
First determine the OpenID Discovery endpoint. If the endpoint is https://accounts.google.com/ then the following should provide with discovery information https://accounts.google.com/.well-known/openid-configuration. Make note of the endpoint.
The information you to setup at the provider is:
- Authorized redirect URI: Connect with our Help Desk to receive this information
- Authorization flow. If there is an option to set the flow, select authorization code flow (recommended) or hybrid flow.
If you are setting this up against Google G Suite you will do the steps above at https://console.developers.google.com and add a client under Credentials and OAuth 2.0 client IDs.
When setting up the client, you should receive a Client ID and a Client Secret together with the discovery endpoint. Make sure you copy them exactly and send them to the Technical Services contact who provided you with the Authorized redirect URI.
If your provider require us to send any other scopes than openid/profile/email please provide that in your request.
After we have received your request and completed basic validation that the information is correct, we will enable it for your domain.