Alert EnterpriseWiki

OpenID Connect (OIDC)

Authentication

An identity layer on top of OAuth 2.0 — defined by the OpenID Foundation. OIDC adds an id_token (a JWT with user identity claims) to OAuth 2.0's access-token model, so that an application can verify the user's identity via a single round trip with the Identity Provider rather than calling a separate /userinfo endpoint.

OIDC is the modern federation protocol for new applications — simpler than SAML, JSON-native (no XML signatures to validate), and well-supported across IdPs (Okta, Entra ID, PingFederate, Auth0, Google, Apple Sign-In). AE Guardian supports OIDC as an alternative to SAML for the SSO connectors, but most enterprise deployments still standardize on SAML for historical reasons.

Specifications: OpenID Connect Core 1.0 (final), Discovery 1.0, Dynamic Client Registration 1.0.

What other systems call it

Per-vendor / per-standard terminology for this same concept.

| System | Term / Notes |
|---|---|
| Standards | OpenID Connect Core 1.0 |
| RFC | OAuth 2.0 base — RFC 6749 |
| Okta | Okta supports OIDC across all SSO scenarios |
| Microsoft Entra ID | Entra ID supports OIDC as primary protocol for new app registrations |

Used by 7 connectors

Connectors in the catalog that reference this concept.
