OIDC Authentication

Admin Authentication

OIDC can be configured so that administrators can log into the VNS3 controller. To configure a VNS3 controller for OIDC login, click on Identity Management on the left navigation and click on the VNS3 Admins tab on the top right of the configuration page.

Add the client OIDC application identifier and secret (see your Identity Provider for creating OIDC applications), then add the associated URLs. For convenience, the OpenID Connect Discovery URL can be used to auto-populate the OIDC URLs by clicking on Use discovery. Note: be sure to click to enable OIDC authentication at the top left of the configuration page.

The following shows a configured OIDC controller: [Screenshot: VNS3 Admin Username UI]

Logging into the UI using OIDC

Logging into the UI using the system account requires entering the controller username and password and clicking Login. If OIDC is configured on the controller, you will see an additional option with a link below the form, such as the one below (Log in with okta.com), that administrators can click to log in via OIDC and administer the VNS3 controller. [Screenshot: VNS3 Admin Username UI]

VPN Client Authentication

WireGuard VPN clients can be configured to authenticate using OIDC to connect to the VPN. To configure a VNS3 controller for OIDC login, click on Identity Management on the left navigation and click on the VPN Users tab on the right. Add the client OIDC application identifier and secret (see your Identity Provider for creating OIDC applications), then add the associated URLs. For convenience, the OpenID Connect Discovery URL can be used to auto-populate the OIDC URLs by clicking on Use discovery. Note: be sure to click to enable OIDC authentication at the top left of the configuration page.

The following shows a controller configured to use OIDC: [Screenshot: VNS3 Admin Username UI]

Once configured, VNS3 VPN clients (Download VNS3 VPN Client) will see a browser window appear when they attempt to make a VPN connection. After the user enters their credentials, a message appears stating that authentication has succeeded, and the VPN connection is completed.
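Before saving the URLs that Use discovery fills in, on either the VNS3 Admins or the VPN Users tab, it is worth confirming that the discovery document is consistent with the URL it was fetched from. The following Python check is an added example, not part of VNS3 or its documentation; it uses the metadata names from the OpenID Connect Discovery specification, and idp.example.com and both sample documents are constructed.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata names from OpenID Connect Discovery 1.0 (not VNS3 field labels).
REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri")
OPTIONAL = ("userinfo_endpoint",)

def check_discovery(discovery_url, document):
    """Return (endpoints, problems) for a discovery document served at discovery_url."""
    meta = json.loads(document)
    endpoints, problems = {}, []
    if urlsplit(discovery_url).scheme != "https":
        problems.append("discovery URL is not https")
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end in " + WELL_KNOWN)
    # The issuer in the document must be the URL prefix the document was fetched
    # from; a trailing slash is ignored because some providers include one.
    prefix = discovery_url[:-len(WELL_KNOWN)] if discovery_url.endswith(WELL_KNOWN) else discovery_url
    issuer = str(meta.get("issuer", ""))
    if issuer.rstrip("/") != prefix.rstrip("/"):
        problems.append(f"issuer {issuer!r} does not match {prefix!r}")
    for name in REQUIRED + OPTIONAL:
        url = meta.get(name)
        if url is None:
            if name in REQUIRED:
                problems.append(f"{name} is missing")
            continue
        parts = urlsplit(str(url))
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name} is not an https URL: {url!r}")
        endpoints[name] = url
    return endpoints, problems

# Constructed sample data; idp.example.com is a placeholder provider.
URL = "https://idp.example.com" + WELL_KNOWN
GOOD = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/v1/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/v1/userinfo",
    "jwks_uri": "https://idp.example.com/oauth2/v1/keys",
})
BAD = json.dumps({
    "issuer": "https://login.example.net",
    "authorization_endpoint": "https://idp.example.com/oauth2/v1/authorize",
    "token_endpoint": "http://idp.example.com/oauth2/v1/token",
})
```

Calling `check_discovery(URL, GOOD)` returns the four endpoints with an empty problem list, while `check_discovery(URL, BAD)` reports the issuer mismatch, the plain-http token endpoint and the missing `jwks_uri`.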