General OIDC
Configure Single Sign-On (SSO) with any OIDC-compliant identity provider for React Native Stallion.
Free for All Plans:
SSO is available for free on all React Native Stallion plans.
General OIDC Setup
This guide walks you through configuring SSO with any OpenID Connect (OIDC) compliant identity provider.
Prerequisites
- An OIDC-compliant identity provider
- Admin access to your identity provider
- Admin access to your Stallion organization
OIDC Requirements
Your identity provider must support:
- OpenID Connect Core 1.0
- Authorization Code Flow
- Standard OIDC claims (`sub`, `email`, `name`)
Step 1: Create an OIDC Application
In your identity provider, create a new OIDC/OAuth application with the following configuration:
| Setting | Value |
|---|---|
| Application Name | Stallion SSO |
| Application Type | Web Application |
| Grant Type | Authorization Code |
| Redirect URI (Login) | https://api.stalliontech.io/api/v1/sso/auth/login/callback |
| Redirect URI (Finalize) | https://api.stalliontech.io/api/v1/sso/auth/finalize/callback |
| Post-Logout Redirect URI | https://console.stalliontech.io |
Step 2: Configure Scopes
Ensure the following scopes are enabled:
- openid (required)
- email (required)
- profile (required)
Step 3: Gather Configuration Values
Collect the following values from your identity provider:
| Value | Description |
|---|---|
| Client ID | The unique identifier for your application |
| Client Secret | The secret key for your application |
| Issuer URL | The OIDC issuer URL (used for discovery) |
| Authorization URL | The authorization endpoint (if discovery not supported) |
| Token URL | The token endpoint (if discovery not supported) |
| UserInfo URL | The userinfo endpoint (if discovery not supported) |
OIDC Discovery:
If your identity provider supports OIDC Discovery, you only need the Issuer
URL. Stallion will automatically fetch other endpoints from
{issuer}/.well-known/openid-configuration.
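
Before entering the Issuer URL, you can check that your provider's discovery document advertises what this guide asks for. The following is an added example, not Stallion's code: the function names and the `idp.example.com` metadata are constructed for illustration, and the checks assume the three endpoints, scopes and required claims listed in this guide.

```python
import json
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "email", "profile"}  # Step 2 of this guide
REQUIRED_CLAIMS = {"sub", "email"}                # claims marked required in this guide
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")

def discovery_url(issuer):
    # OIDC Discovery: drop a trailing slash, then append the well-known path.
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(issuer, doc):
    """Return a list of problems; an empty list means the document fits this guide."""
    problems = []
    # The spec requires the advertised issuer to equal the configured one exactly.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    for key in ENDPOINTS:
        url = doc.get(key)
        if not url:
            problems.append(f"missing {key}")
        elif urlsplit(url).scheme != "https":
            problems.append(f"{key} is not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    # These two lists are optional metadata, so only judge them when present.
    for key, needed in (("scopes_supported", REQUIRED_SCOPES),
                        ("claims_supported", REQUIRED_CLAIMS)):
        missing = needed - set(doc.get(key, needed))
        if missing:
            problems.append(f"{key} lacks {sorted(missing)}")
    return problems

# Constructed sample metadata for a hypothetical IdP (idp.example.com).
ISSUER = "https://idp.example.com"
GOOD = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/authorize",
  "token_endpoint": "https://idp.example.com/token",
  "userinfo_endpoint": "https://idp.example.com/userinfo",
  "response_types_supported": ["code", "id_token"],
  "scopes_supported": ["openid", "email", "profile"],
  "claims_supported": ["sub", "email", "name", "picture"]
}""")
# Constructed misconfiguration: trailing-slash issuer, http token URL, no code flow, no profile.
BAD = dict(GOOD, issuer="https://idp.example.com/",
           token_endpoint="http://idp.example.com/token",
           response_types_supported=["id_token"], scopes_supported=["openid", "email"])

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(ISSUER, doc) or "ok")
```

To check a real provider, download the JSON from the URL that `discovery_url` returns and pass the parsed document to `check_discovery` together with the exact Issuer URL you plan to enter.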
Step 4: Configure SSO in Stallion Console
- Log in to Stallion Console
- Navigate to your Organization → SSO Settings
- Click Configure SSO
Step 4.1: Enter Configuration
Enter the following details:
| Field | Description |
|---|---|
| Domain | Your organization's email domain (e.g., yourcompany.com) |
| Org Slug | A unique identifier for your organization |
| Issuer URL | Your identity provider's issuer URL |
| Client ID | From Step 3 |
| Client Secret | From Step 3 |
Click Next to proceed.
Step 4.2: Verify Domain
- Copy the provided TXT record
- Add it to your domain's DNS settings
- Wait for DNS propagation (this may take a few minutes)
- Click Verify to confirm domain ownership
Step 4.3: Finalize SSO
- Click Finalize SSO
- You will be redirected to your identity provider to log in
- Complete authentication with your IdP credentials
- Once successful, SSO is fully configured
Claim Mapping
Stallion expects the following claims in the ID token:
| Stallion Field | OIDC Claim | Required |
|---|---|---|
| User ID | sub | Yes |
| Email | email | Yes |
| Name | name or preferred_username | No |
| Profile Picture | picture | No |
If your identity provider uses different claim names, contact Stallion support for custom claim mapping.
Testing Your Configuration
After saving, click Test Connection to verify:
- Redirect to your identity provider works
- Authentication completes successfully
- User information is retrieved correctly
Troubleshooting
Common Issues
Invalid redirect URI
- Ensure both redirect URIs are configured in your IdP:
  - https://api.stalliontech.io/api/v1/sso/auth/login/callback
  - https://api.stalliontech.io/api/v1/sso/auth/finalize/callback
Missing claims
- Verify that `email` and `profile` scopes are enabled
- Check that your IdP is configured to include email in the ID token
Discovery failed
- If your IdP doesn't support OIDC discovery, manually enter all endpoint URLs
Need Help?:
If you encounter issues during setup, contact our support team at stalliontech.io/contact.