Single Sign-on (SSO)
Overview
The GridX Enterprise Rate Platform is accessed through the client's Single Sign-on (SSO) service. This ensures that only active utility users can reach the GridX Platform and its applications. Once a user is authenticated, GridX applies role-based access control (RBAC) to grant that user access to specific applications and the roles associated with them.
When a user signs in, the GridX Platform redirects the user to the client's Identity Provider (IdP) with an authentication request. Once the IdP has authenticated the user, it redirects the user back to the GridX application, where single sign-on completes and a user account is created in GridX systems.
Configuration Setup
The following setup steps streamline the integration between the client's IdP and the IdP configuration on the GridX side. At present, GridX supports only the OpenID Connect (OIDC) authentication protocol.
OIDC is an identity layer built on top of OAuth 2.0: it adds verification of the user's identity to the OAuth authorization flow. The user's identity and claims are carried in an ID token, a signed JWT (JSON Web Token), which the receiving application must validate (signature, issuer, audience, expiry, nonce) before trusting any claim in it.
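As an added illustration (not code from the GridX platform or from this page), the following Python validates an ID token the way the receiving side must before trusting its claims, checking each of the items OpenID Connect Core 1.0 section 3.1.3.7 requires. It assumes the IdP issues HS256 ID tokens keyed with the client secret, which OIDC Core permits; most production IdPs instead sign with RS256 or ES256 and publish their keys at a jwks_uri, in which case only the signature step changes. The Issuer URL, Client ID and Client Secret values are constructed stand-ins for the three values exchanged during onboarding, and mint_id_token exists only to build test input, including a deliberately unsigned alg=none token that the validator must reject.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed stand-ins for the three values the utility hands to GridX during onboarding.
# Illustrative only; the real Issuer URL, Client ID and Client Secret are per client.
ISSUER_URL = "https://idp.example-utility.com"             # assumed OAuth Issuer URL
CLIENT_ID = "gridx-platform-qa"                            # assumed OIDC Client ID
CLIENT_SECRET = b"constructed-client-secret-do-not-reuse"  # assumed OIDC Client Secret


class IdTokenError(ValueError):
    """Raised when an ID token fails any validation step."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, secret: bytes = CLIENT_SECRET, alg: str = "HS256") -> str:
    """Build a compact JWS as test input. alg="none" yields an unsigned token so the
    validator's rejection of it can be exercised; a real IdP would never issue one."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def validate_id_token(token: str, expected_nonce: str, now: Optional[int] = None,
                      issuer: str = ISSUER_URL, client_id: str = CLIENT_ID,
                      secret: bytes = CLIENT_SECRET, leeway: int = 60) -> dict:
    """Validate an HS256 ID token and return its claims. With HS256 the MAC key is the
    client_secret shared at onboarding, so that secret also protects token integrity."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise IdTokenError("token is not a three-part compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm instead of trusting the token's own "alg": both "none" and
    # algorithm-confusion attacks depend on the verifier honouring an attacker-chosen alg.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise IdTokenError(f"unexpected alg {header.get('alg') if isinstance(header, dict) else None!r}")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise IdTokenError("signature mismatch")
    claims = json.loads(b64url_decode(payload_b64))
    # iss must exactly equal the Issuer URL supplied by the utility.
    if claims.get("iss") != issuer:
        raise IdTokenError(f"issuer {claims.get('iss')!r} is not {issuer!r}")
    # aud must contain our Client ID; with several audiences, azp must name us.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        raise IdTokenError("token was not issued for this client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise IdTokenError("multiple audiences but azp is not this client")
    # Time checks with a small clock-skew allowance.
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + leeway:
        raise IdTokenError("token expired or has no exp")
    if isinstance(claims.get("iat"), int) and claims["iat"] > now + leeway:
        raise IdTokenError("token issued in the future")
    # nonce ties the token to the authentication request that produced it (replay defence).
    if claims.get("nonce") != expected_nonce:
        raise IdTokenError("nonce mismatch")
    if not claims.get("sub"):
        raise IdTokenError("missing sub")
    return claims


def id_token_problem(token: str, expected_nonce: str, now: int) -> str:
    """Return "" when the token validates, otherwise the reason it was rejected."""
    try:
        validate_id_token(token, expected_nonce, now=now)
    except ValueError as exc:  # IdTokenError, bad base64 and bad JSON all derive from ValueError
        return str(exc)
    return ""


if __name__ == "__main__":
    now = 1_700_000_000
    good = {"iss": ISSUER_URL, "sub": "u-123", "aud": CLIENT_ID, "exp": now + 300,
            "iat": now, "nonce": "n-abc", "email": "user@example-utility.com"}
    print("good token    :", id_token_problem(mint_id_token(good), "n-abc", now) or "ok")
    print("alg=none      :", id_token_problem(mint_id_token(good, alg="none"), "n-abc", now))
    print("foreign issuer:", id_token_problem(mint_id_token({**good, "iss": "https://evil.example"}), "n-abc", now))
    print("replayed nonce:", id_token_problem(mint_id_token(good), "n-other", now))
```

The order of checks matters: the algorithm is pinned and the signature verified before any claim is read, so a forged payload never influences which issuer, audience or key the verifier uses.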
Process Summary for an Environment
1. GridX shares the User Pool URL with the client.
2. The client (utility) creates a new OIDC application in their IdP, configured with the User Pool URL, and grants their own users access to that application.
3. Once the app integration is set up, the client collects the following values:
   - OIDC Client ID
   - OIDC Client Secret
   - OAuth Issuer URL
4. The client shares the Client ID, Client Secret, and Issuer URL with GridX through a secure channel.
5. GridX stores the Client ID and Client Secret in an AWS Secret.
6. GridX sets up the deployment configuration in its platform.
7. GridX deploys the backend stack and retrieves the Redirect URL for the user pool.
8. GridX shares that Redirect URL with the utility.
9. The utility registers the Redirect URL in their IdP configuration. OIDC requires the redirect URI to match a registered value exactly, so it must be copied verbatim. Example:
   https://gridx-jumpcloud-qa.auth.us-west-2.amazoncognito.com/oauth2/idpresponse
10. The utility can then attempt to log in to the GridX Platform at:
   https://platform.gridx.com
   Note that this URL depends on the environment that was set up (qa, stage, prod, etc.).
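To make the Redirect URL step concrete, here is an added example (not GridX's or Amazon Cognito's own code) of what the receiving side of the OIDC authorization-code flow does with the values exchanged above: it builds the authentication request sent to the utility's IdP and then checks the redirect that comes back. The authorization endpoint and Client ID are assumed stand-ins; the redirect URI follows the Cognito idpresponse shape shown in step 9. The state value binds the callback to the browser that started the login, the nonce is later compared against the ID token, PKCE (S256) binds the code exchange to this client, and the landing URL is compared to the registered redirect URI as an exact string.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values. The redirect URI follows the Cognito idpresponse shape from the process
# above; the authorization endpoint and Client ID are assumptions standing in for a real IdP.
AUTHORIZATION_ENDPOINT = "https://idp.example-utility.com/oauth2/authorize"
CLIENT_ID = "gridx-platform-qa"
REGISTERED_REDIRECT_URI = "https://gridx-jumpcloud-qa.auth.us-west-2.amazoncognito.com/oauth2/idpresponse"


class CallbackError(ValueError):
    """Raised when the IdP's redirect back cannot be trusted."""


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(code_verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(code_verifier)) as in RFC 7636."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def query_params(url: str) -> dict:
    """First value of each query parameter in url (helper for inspecting results)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def start_login(redirect_uri: str = REGISTERED_REDIRECT_URI) -> tuple:
    """Return (authorize_url, session). The session must be kept server-side (or in an
    encrypted cookie) until the IdP redirects the user back."""
    session = {
        "state": secrets.token_urlsafe(32),          # CSRF binding of the callback to this login
        "nonce": secrets.token_urlsafe(32),          # compared against the ID token's nonce claim later
        "code_verifier": secrets.token_urlsafe(64),  # PKCE secret, never sent until the token request
        "redirect_uri": redirect_uri,
    }
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}", session


def handle_callback(callback_url: str, session: dict) -> dict:
    """Check the redirect from the IdP and return the body of the token request for the code."""
    parts = urlsplit(callback_url)
    landing = parts._replace(query="", fragment="").geturl()
    # Exact string match against the registered redirect URI: no prefix or wildcard tolerance,
    # which is the same rule the IdP applies when it decides where to send the user back.
    if landing != session["redirect_uri"]:
        raise CallbackError(f"callback landed on {landing!r}, expected {session['redirect_uri']!r}")
    query = parse_qs(parts.query)
    if "error" in query:
        raise CallbackError(f"IdP returned error {query['error'][0]!r}")
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode("utf-8"), session["state"].encode("utf-8")):
        raise CallbackError("state mismatch: callback is not bound to this login")
    code = query.get("code", [""])[0]
    if not code:
        raise CallbackError("no authorization code in callback")
    # redirect_uri is repeated in the token request so the IdP can confirm it matches the
    # authorize step; code_verifier lets the IdP check the PKCE challenge it stored.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": session["redirect_uri"],
        "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],
    }


def callback_problem(callback_url: str, session: dict) -> str:
    """Return "" when the callback is acceptable, otherwise the reason it was rejected."""
    try:
        handle_callback(callback_url, session)
    except CallbackError as exc:
        return str(exc)
    return ""
```

The returned dictionary is what would be POSTed to the IdP's token endpoint (with the client secret as client authentication); the ID token in that response is then validated against the Issuer URL, Client ID and the nonce saved in the session.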
SSO Integration Process & Timeline
Onboarding via the new portal-based method:
For integrations that use the latest onboarding flow, the process is fully automated through the self-service portal; no manual intervention is required.
Legacy onboarding process:
For legacy integrations the steps are minimal: a configuration file is updated, followed by a pull request and a deployment. This typically takes no more than 2 hours.
Note: the onboarding process is the same for identity providers GridX has not integrated before (e.g., ForgeRock), provided they support OIDC or SAML.