How does single sign-on via OpenID Connect work in Inxmail?
Here is a simplified diagram of how the different players interact when you connect your external identity provider to Inxmail with single sign-on via OpenID Connect.
Steps in the process
- Your user goes to the Inxmail login page and enters their email address.
- Inxmail forwards the request to the Inxmail Authorization Server.
- The Inxmail Authorization Server recognizes that it is an email address that is linked to an identity provider via single sign-on, and requests authentication from the identity provider.
How do I set up the initial connection?
- If you have set up a redirect, the Inxmail Authorization Server will automatically recognize that the email address is linked to an identity provider and will redirect your user to the identity provider's login.
- If you have not set up a redirect, your user will have to use the URL for the first login in order to set up a connection. From the second login onward, the Inxmail Authorization Server will automatically recognize which identity provider your user is linked to and will forward them there.
How do the users from both systems interact?
Inxmail creates a local user. The local Inxmail user represents the user of the external system.
Inxmail creates a new user if they do not yet exist in Inxmail. If a user already exists in Inxmail, Inxmail uses the existing user and links them to the identity provider. The leading system for all profile data is the external system (= the identity provider). The language of the user interface is an exception. Inxmail will remember your last language setting. For all profile data (except the language), Inxmail will retrieve the profile data from the identity provider every time the user logs in, and will use the identity provider's data in case of differences.
- Users authenticate with their identity provider's login data.
- The third-party system (= the identity provider) returns the successful authorization response to the Inxmail Authorization Server.
- Inxmail creates a local user.
- The Inxmail Authorization Server redirects the user to Inxmail, with a local (Inxmail) authentication.
- Your users have been logged in.
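The user handling described under "How do the users from both systems interact?" can be sketched as follows. This is an added example, not Inxmail's code: the `LocalUser` type, the `login_with_idp` function, the choice of synced claims and the refusal to re-link an already linked user are assumptions, and the claims are expected to come from an ID token that has already been validated.

```python
from dataclasses import dataclass
from typing import Optional

# Fields owned by the identity provider. These are standard OpenID Connect
# claim names; which claims Inxmail actually reads is an assumption.
IDP_OWNED = ("email", "given_name", "family_name")

@dataclass
class LocalUser:
    email: str
    given_name: str = ""
    family_name: str = ""
    language: str = "en"               # local setting, never taken from the IdP
    idp_subject: Optional[str] = None  # set once the user is linked

def login_with_idp(users, claims):
    """Create or link the local user for a validated login, then sync it.

    Returns (user, names of the profile fields that were overwritten)."""
    sub, email = claims["sub"], claims["email"]
    # 1. Already linked: match on the stable subject, not on the email.
    user = next((u for u in users if u.idp_subject == sub), None)
    if user is None:
        # 2. First SSO login: reuse an existing local user with that email.
        user = next((u for u in users if u.email.lower() == email.lower()), None)
        if user is None:
            # 3. No local user yet: create one.
            user = LocalUser(email=email)
            users.append(user)
        elif user.idp_subject is not None:
            # Assumption of this sketch: never re-link a user silently.
            raise PermissionError("local user is linked to another identity")
        user.idp_subject = sub
    # The identity provider wins for every owned field, on every login.
    changed = []
    for name in IDP_OWNED:
        value = claims.get(name, getattr(user, name))  # absent claim: keep local
        if getattr(user, name) != value:
            setattr(user, name, value)
            changed.append(name)
    return user, changed

if __name__ == "__main__":
    # Constructed sample data: one existing local user, one ID token payload.
    store = [LocalUser("anna@example.com", given_name="Ana", language="de")]
    token = {"sub": "idp-123", "email": "anna@example.com", "given_name": "Anna"}
    print(login_with_idp(store, token))
```

Matching linked users on `sub` rather than on the email keeps the link intact when the address changes at the identity provider.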