OIDC Technical Requirements for Non-Azure Identity Providers
This document outlines the technical requirements for integrating your OIDC identity provider with Relaymed. This applies if you are using an identity provider other than Microsoft Entra ID (such as Okta, OneLogin, or another OIDC-compliant service).
If you are using Microsoft Entra ID, see Setting Up SSO with Microsoft Entra ID instead.
What We Need From You
- Email domain(s) - the email domain(s) your users will use to sign in to Relaymed.
- Authority URL - the OIDC issuer URL for your identity provider (the base URL under which it publishes `.well-known/openid-configuration`), including any tenant ID if applicable.
- Client ID - the client identifier for the Relaymed application in your identity provider.
- Client Secret - a generated secret specific to the Relaymed application. Please send this securely (not via email).
Redirect URLs
You will need to configure a redirect URI in your identity provider's application settings. We will provide this during setup.
Required Claims
The OIDC Identity Token returned by your identity provider must include the following claims:
| Claim | Description | Required |
|---|---|---|
| `sub` | A unique, stable identifier for the user (typically a GUID). This must not change between sessions. | Yes |
| `email` | The user's email address. | Yes |
| `given_name` | The user's first name. | Yes |
| `family_name` | The user's last name. | Yes |
Important Notes
- Relaymed uses OIDC. Please create an OIDC application, not a SAML application.
- The `sub` claim must be stable and unique per user. Relaymed uses this value to identify returning users. If this value changes, the user will not be recognized.
- The `email` claim should use the same domain that your users are invited with in Relaymed. If your identity provider returns a different domain, let us know during setup.
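The following script is an added example, not Relaymed's or any identity provider's code. It takes a decoded ID token payload (the JSON body, after the signature, issuer, audience and expiry have already been validated by your OIDC client) and checks it against the claim requirements above: the four required claims are present and non-empty, the email domain matches the invited domain(s), and, as this example's own heuristic, a `sub` that is simply the email address is flagged because it would change whenever the address changes. A second function shows why a changed `sub` matters: lookup is by `sub` alone, so a token with a new `sub` is a different user even when every other claim is identical. Function names and the sample payloads are this example's own constructions.

```python
"""Check a decoded OIDC ID token payload against the claim requirements above.

Added example, not Relaymed's or any identity provider's code. Function names
are this example's own; the token payloads at the bottom are constructed.
"""
from __future__ import annotations

REQUIRED_CLAIMS = ("sub", "email", "given_name", "family_name")


def _email_domain(email: str) -> str | None:
    """Return the lower-cased domain of an address, or None if it is not user@domain."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()


def check_id_token_claims(claims: dict, invited_domains: set[str]) -> list[str]:
    """Return the problems found; an empty list means the payload meets the requirements.

    Only the claims this page requires are checked. Signature, `iss`, `aud` and
    expiry validation belong to the OIDC client and happen before this step.
    """
    problems: list[str] = []
    for name in REQUIRED_CLAIMS:
        value = claims.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty claim: {name}")

    email = claims.get("email")
    if isinstance(email, str) and email.strip():
        domain = _email_domain(email)
        if domain is None:
            problems.append(f"email claim is not an address: {email!r}")
        elif domain not in {d.lower() for d in invited_domains}:
            problems.append(f"email domain {domain!r} differs from the invited domain(s)")
        # Heuristic (this example's own, not a Relaymed rule): a sub that is just the
        # email address is not stable, because it changes when the address changes.
        if claims.get("sub") == email:
            problems.append("sub is the email address, so it will change if the address changes")
    return problems


def returning_user_recognised(previous: dict, current: dict) -> bool:
    """Returning users are identified by `sub` alone, so a changed `sub` is treated
    as a different user even when email and names are unchanged."""
    return previous.get("sub") == current.get("sub")


# Constructed sample payloads (decoded ID token bodies, not real tokens).
GOOD = {
    "sub": "6f1c2d0e-1b5a-4c3e-9f7a-0d2b8e4c1a55",
    "email": "jane.doe@example.com",
    "given_name": "Jane",
    "family_name": "Doe",
}
MISSING_NAME = {k: v for k, v in GOOD.items() if k != "family_name"}
WRONG_DOMAIN = {**GOOD, "email": "jane.doe@example.org"}
EMAIL_AS_SUB = {**GOOD, "sub": "jane.doe@example.com"}
NEW_SUB = {**GOOD, "sub": "a9d3e8c7-2f41-4b60-8e1d-5c7f9a2b3d44"}  # same person, re-issued sub

if __name__ == "__main__":
    invited = {"example.com"}
    for label, token in [("good", GOOD), ("missing family_name", MISSING_NAME),
                         ("wrong domain", WRONG_DOMAIN), ("email as sub", EMAIL_AS_SUB)]:
        print(f"{label}: {check_id_token_claims(token, invited) or 'ok'}")
    print("same sub recognised:", returning_user_recognised(GOOD, GOOD))
    print("changed sub recognised:", returning_user_recognised(GOOD, NEW_SUB))
```

Run it against a payload captured from your provider's test user (decode the middle segment of the ID token) before the verification call; any line other than `ok` is something to fix in the application's claim mapping or to raise during setup.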
Setup Process
- Create an OIDC application in your identity provider for Relaymed.
- Configure the required claims listed above on the Identity Token.
- Send us the Authority URL, Client ID, and Client Secret (securely).
- We will configure the integration on our side and provide you with the redirect URI to add to your application.
- We will schedule a short call to verify the login flow is working with a test user from your organization.