For the best web experience, please use IE11+, Chrome, Firefox, or Safari
OneLogin + One Identity delivering IAM together. Learn more

OpenID Connect Single Sign-On (SSO)

Build secure apps, faster

OpenID Connect (OIDC) is a protocol to verify user identities and get user profile information. OIDC enables devices to verify identities based on authentication done by an authentication server.

What problems does OpenID Connect solve?

One problem OpenID Connect addresses is how application developers can easily provide users with a usable and secure authentication experience, without investing a lot of time into storing and managing passwords. This enables developers to focus on building their application’s core functionality and lets them build more secure, compelling apps.

Why use OpenID Connect?

OpenID Connect is used by an increasing number of developers to build custom applications, for three reasons:

  1. Simplicity: OpenID Connect is simple to use, and offers great developer productivity around authentication.
  2. Web apps: OpenID Connect provides great support for modern web applications, which often run within a single page and have a great deal of JavaScript, such as Gmail.
  3. Mobile: OpenID Connect provides great support for native mobile applications running on iOS and Android.


Developers can learn more about how to use OneLogin OIDC support at https://developers.onelogin.com/openid-connect

How does OpenID Connect work?

In the simplest terms, OpenID Connect uses the following process to verify a user identity:

First, OpenID Connect will redirect a user to an identity provider (IdP) to determine the user’s identity, either by seeing if they have an active session (Single Sign On) or by asking the user to authenticate.

Then, once the IdP authenticates the user and authorizes them to access a particular application, the IdP redirects back to that app. This redirect also passes information about the user back to the app that it can use to confirm the user’s identity.

How does OpenID Connect compare to OAuth?

OpenID Connect is built on top of OAuth 2.0, specifies a RESTful HTTP API, and uses JSON as a data format. It has a specialized set of predefined data types and endpoints for exchanging user information between the identity provider and the application.

Is OpenID Connect an open standard?

Yes, OpenID Connect is run by the OpenID Foundation. OAuth, which it’s built on, is also an open standard, maintained by the Internet Engineering Task Force’s OAuth Working Group.

What is an example of OpenID Connect that I can play with to learn more?

Auth0 has put together a nice OIDC sandbox at https://openidconnect.net/, which walks the user through the technical details of OpenID Connect authentication process flow. Another example is Google Sign-In, built using OIDC.

If you’d like to examine additional OpenID Connect code samples, here is Auth0’s GitHub page.

Where can I learn more about OpenID Connect?

The OpenID Connect website FAQ is a good place to start.

Where can I find OpenID clients that I can use in my apps?

We recommend the Auth0 OAuth clients for OpenID Connect. They are available for a range of platforms, including iOS, Android, and Javascript. Other libraries can be found on the Libraries page of the OpenID Connect website.

OneLogin provides an OpenID Connect Identity Provider that will work with standard OIDC clients, enabling applications using OpenID Connect to work with OneLogin Single Sign-on (SSO) Portal.
Yes. OpenID Connect applications using OneLogin as an identity provider can authenticate users using multifactor authentication as well as machine learning-powered adaptive authentication.

Secure all your apps, users, and devices