Follow these steps to start using the IDprovider

OIDC server

You will need access to an OIDC server. These are available from a range of different providers like Google, Azure, Auth0 and ID porten, and you may run your own based on software.

For your respective prodvider you will typically need to create a Client or application that will represent the Enonic integration. Typical values you will need later from this setup are typically:

  • Client ID

  • Client secret

  • Issuer Identifier (URL)


On your Enonic server, start by installing the application to your Enonic instance. It is available on Enonic Market.


Secondly, the application requires a detailed configuration in order to communicate with the 3rd party OIDC server. Create a and tune a configuration file called and add it to your XP instance.

Full details on how to configure the application is described in the configuration chapter.

You may also find our configureation examples useful.

Your Enonic IDprovider should automatically be create once you add your configuration file

Manual setup

If you disable autoInit, the IDproviders may manually by created by following these steps:

  1. From Enonic admin console: XP menuUsersNewID provider admin tool "Users"

  2. Fill in the displayName field, which generates the ID provider name just below

    idprovider name

    The ID provider name cannot be changed later, so choose wisely before saving.

  3. For the "Application" field, select the "OIDC ID Provider" app you installed earlier.


Finally, you will need to map the IDprovider to an Enonic ingress/vhost where it will be used - i.e to enable login for the XP admin console, a website or an API.


When using the self service cloud, simply edit the Ingress, then select the idprovider you created above i.e. myoidcprovider.

Save, and the change should take effect shortly.


To manually configure the ID provider on your XP instance, you will need a vhost definition.

Edit the XP configuration file com.enonic.xp.web.vhost.cfg, and map the idprovider to your a vhost.

(See Virtual Host Configuration for more information).

Example vhost mapping for Admin console =
mapping.example.source = / = /admin
mapping.example.idProvider.myoidcprovider = default
myoidcprovider in the example above must match the name you used in the idprovider configuration.

Redirection/Callback URI

Finally, if you want to use form-based authenticated (aka Authorization Code Flow), End-Users will be redirected back to your Enonic endpoint from the authorization server. For security reasons you will need to register this URL in the configuration of your OIDC providers Client/Application.

The callback URL depends on your Enonic Vhost/Ingress and the name of the ID Provider you want to use. It typically has the following format: [host+sourcepath]/_/idprovider/[idprovidername], where idprovidername must match the idprovider registered in Enonic XP.