
OIDC

Configure OpenID Connect single sign-on for your Recomly organization.

OpenID Connect (OIDC) is a modern authentication protocol built on top of OAuth 2.0. It lets your team sign in to Recomly using your existing identity provider — such as Okta, Azure AD, or Google Workspace — through a standard OAuth 2.0 authorization code flow.

Prerequisites

  • A Recomly plan that includes SSO
  • Admin access to your identity provider
  • Admin access to your Recomly organization

Overview

Recomly acts as the Relying Party (RP). When a user signs in, they are redirected to your IdP, authenticate, and are redirected back to Recomly with an authorization code that Recomly exchanges for an ID token containing the user's identity.

Step 1 — Get your redirect URI from Recomly

  1. Go to Account → Single Sign-On in the Recomly dashboard.
  2. Click Add provider and select OIDC.
  3. Copy the Redirect URI — you will need this when registering the application in your IdP.

Field | Value
Redirect URI | https://auth.recomly.com/oidc/callback

Step 2 — Register an application in your identity provider

In your IdP, create a new OIDC/OAuth 2.0 application:

  • Set the application type to Web
  • Enter the Redirect URI from Step 1
  • Enable the Authorization Code grant type
  • Request the following scopes: openid, email, profile
  • Set the token endpoint authentication method to client_secret_post — Recomly sends client credentials in the request body (HTTP POST), not as an HTTP Basic Authorization header. Some identity providers default to client_secret_basic; if yours does, change it or the token exchange will fail.

Your IdP will generate a Client ID and Client Secret for the application.

Step 3 — Enter your IdP details in Recomly

Back in Recomly, enter the following values from your IdP:

Field | Description
Issuer URL | Your IdP's OIDC discovery URL (e.g. https://your-domain.okta.com)
Client ID | The client ID generated by your IdP
Client Secret | The client secret generated by your IdP

Recomly uses the issuer URL to auto-discover your IdP's authorization, token, and userinfo endpoints via the standard /.well-known/openid-configuration path.

Step 4 — Test the connection

After saving, test sign-in with an account from your IdP to verify the connection is working before rolling it out to your team.
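A pre-flight check you can run against your IdP's discovery document before testing, covering the settings from Steps 2 and 3. This is an added example, not Recomly's own code: the function names and the idp.example.com sample document are constructed for illustration, while the field names and defaults are those defined by OpenID Connect Discovery 1.0.

```python
import json
import urllib.request

REQUIRED_SCOPES = {"openid", "email", "profile"}  # scopes listed in Step 2

def discovery_url(issuer: str) -> str:
    """Discovery document location for an issuer URL."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def fetch_discovery(issuer: str) -> dict:
    """Download the discovery document (needs network; the sample below does not)."""
    with urllib.request.urlopen(discovery_url(issuer), timeout=10) as resp:
        return json.load(resp)

def check_discovery(issuer: str, doc: dict) -> list[str]:
    """Return the problems that would get in the way of Steps 2 and 3."""
    problems = []
    # The advertised issuer must be identical to the Issuer URL you enter.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    # When an IdP omits these optional fields, the spec defaults apply.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("authorization_code grant not supported")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not supported")
    auth_methods = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_post" not in auth_methods:
        problems.append("client_secret_post not advertised for the token endpoint")
    # scopes_supported is optional and may be incomplete; only judge it when present.
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", REQUIRED_SCOPES))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return problems

# Constructed sample document for a hypothetical IdP (not real output).
SAMPLE_ISSUER = "https://idp.example.com"
SAMPLE_DOC = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/oauth2/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/oauth2/token",
    "userinfo_endpoint": SAMPLE_ISSUER + "/oauth2/userinfo",
    "response_types_supported": ["code"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
    "scopes_supported": ["openid", "email", "profile"],
}
```

An empty result only shows that the IdP can meet these settings; the token endpoint authentication method for the application itself is still set in the IdP as described in Step 2.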
