Which OpenID Connect providers can I connect?

Any standards-compliant OpenID Connect provider. Apiable's OIDC option is generic and configured by issuer URL, so it is not tied to one named vendor.

Where do I connect an OIDC provider in Apiable?

Go to Integrations then Identity Providers, start a new connection, choose OpenID Connect (OIDC), and fill in the Authorization tab. The dashboard may label this section AuthN Providers.

What fields does the OIDC option need?

Connection Name, Issuer URL, Client ID, and Client Secret are required. OIDC Configuration URL and Redirect URIs are optional.

How do users sign in with an OIDC provider after I connect it?

Turn the provider Active and assign it to companies. Their users then see its sign-in option on the portal login and are redirected to the provider to authenticate.

Integrations

Connect an OpenID Connect provider

Connect any standards-compliant OpenID Connect provider in Apiable. Enter a Connection Name, Issuer URL, Client ID, and Client Secret, then assign it to companies.

You connect a generic OpenID Connect provider as an Identity Provider under Integrations → Identity Providers. You name the connection, enter the provider's issuer URL and client credentials, then save and assign it to the companies whose users should sign in through it. The OIDC option works with any standards-compliant OpenID Connect provider.

Where do you connect an OpenID Connect provider?

Open Integrations → Identity Providers, start a new connection, and select OpenID Connect (OIDC). The select screen is headed Authentication Providers.

Open Integrations → Identity Providers.
Start a new connection. The select screen, headed Authentication Providers, lists the provider types.
Select OpenID Connect (OIDC), then continue to connect.
The connection opens on the Authorization tab, where you enter the credentials.

What does each OpenID Connect field mean?

The Authorization tab asks for a connection name, the provider's issuer, and client credentials. Required fields are marked; two fields are optional. Enter them, then save.

Field	What to enter
Connection Name	A label for this connection inside Apiable. Required.
Issuer URL	The provider's OpenID Connect issuer URL. Required.
Client ID	The OAuth2 client ID Apiable uses with the provider. Required.
Client Secret	The client secret for that client. Entered as a masked password.
OIDC Configuration URL (Optional)	The provider's discovery document URL, if it is not at the standard path for the issuer. Optional.
Redirect URIs (Optional)	Redirect URIs for the provider, if you need to set them here. Optional.

When do you set the optional fields?

Set OIDC Configuration URL (Optional) only when your provider's discovery document is not at the standard path derived from the issuer URL. Set Redirect URIs (Optional) only when you need to record redirect URIs on this connection.

Both fields are left blank for most providers. The required Issuer URL, Client ID, and Client Secret are enough for a standard OpenID Connect setup.

How do you set the display name, icon, and display mode?

Open the Details tab. Set a Display Name for the sign-in button, upload a Display Icon, and pick a Display Mode of Standalone or Grouped. These control how the provider appears on your portal login screen.

A Standalone provider gets its own button on the login screen, showing its display name and icon. A Grouped provider is reached through one shared SSO button instead. See Identity Providers for how each mode looks to the consumer.

How do you assign companies and force SSO?

Open the Assignment tab, which unlocks after you save the provider. Turn on assign all companies or pick specific ones, set Force SSO if those users must use the provider, then save the assignment.

Save the connection from the Authorization tab. The Assignment tab is disabled until the provider exists.
On Assignment, either toggle assign all companies on, or leave it off and select companies from the searchable list.
Toggle Force SSO on to remove password sign-in for those users, or leave it off to keep password as a fallback.
Save the assignment with the button on the tab.

How do you activate the provider?

Use the Active toggle above the tabs. With it on and the provider assigned to at least one company, that company's users see this provider's sign-in option on the portal login screen.

When a covered user signs in, the portal redirects them to your OpenID Connect provider to authenticate, then back to your portal. If Force SSO is on for their company, the portal does not offer them a password option.

Troubleshooting

Match what you see to the fix. Connection-level errors surface in your dashboard; sign-in behavior shows on the portal login screen.

What you see	What to do
The Assignment tab is greyed out	The provider has not been saved yet. Complete the Authorization tab and save, then open Assignment.
The provider does not appear on the portal login	Confirm the Active toggle is on and the user's company is selected on the Assignment tab.
Sign-in fails reaching the provider	Recheck the Issuer URL and Client ID, and set OIDC Configuration URL (Optional) if the discovery document is not at the standard path.
A user still sees a password field when you expected SSO only	Force SSO is off for their company. Turn it on for that company on the Assignment tab.
No company shows the provider after assigning all	Confirm assign all companies is toggled on and the assignment was saved.

Where to next

Identity Providers

The concept overview and how Identity Providers differ from Authorization Servers.

Connect Microsoft Entra ID

Connect Amazon Cognito

Authorization Servers

The OAuth2 side: tokens for API calls, not portal login.