Mendix - SSO Configuration
This document has been tested and approved by Kelvin Zero Inc
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mendix using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Mendix, ensure you meet the following requirements:
- Mendix admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Mendix are registered in your IdP and have the necessary permissions to access Mendix
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
- Mendix admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Mendix are registered in your IdP and have the necessary permissions to access Mendix
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Mendix - SSO Configuration
Step 1 — Configure Multi-Pass as the Identity Provider (IdP)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, click on Applications
- Select in the custom integration section OIDC
- Populate the fields based on the table below
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | mendix |
| Name | mendix |
| Description | Mendix OIDC Integration |
| Client Authentication | ON |
| Home URL | https://login.mendix.com |
| Valid Redirect URIs | https://login.mendix.com/oidc/callback |
- Select Add Integration
- Go to the advanced console by clicking on the right side of your screen
- Click on Client and search for Mendix
- Verify that the fields are populated as follows:
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID | mendix |
| Name | mendix |
| Description | Mendix SSO Integration |
| Always display in UI | OFF |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL | https://login.mendix.com |
| Valid Redirect URIs (ACS) | https://login.mendix.com/oidc/callback |
Capability Config
| Setting | Value |
|---|---|
| Client Authentication | ON |
| Authentication Flow | Standard Flow & Direct Access Grants |
- Browse to the Credentials Tab and copy the Secret Key (to be used in Step 2)
- Browse to the Client Scopes Tab and click on the first scope in the list
- Click Add Predefined Mapper and add the following mappers:
- given name
- username
- family name
Step 2 — Configure Mendix as the Service Provider (SP)
- Log into Mendix as an Administrator
- Navigate to the Mendix Control Center
- Browse to Security > Settings > Single Sign-On
- Select Configure Single Sign-On
- Select Add Configuration
- Continue on the prompt About enabling Single Sign-On (BYO-IDP)
- Populate the fields based on the table below
| Field | Value |
|---|---|
| Configuration Name | Multi-Pass |
| OpenID Connect Endpoint URL | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| Client ID | mendix |
| Client Secret | Obtained in Step 1 |
- Ensure OpenID, Email, and Profile scopes are enabled
- Click Next
- Click Test Settings (a new window will confirm success)
- Complete the Map Claims screen based on the table below
Map Claims
| Field | Value |
|---|---|
| Foreign ID | sid |
| Username | preferred_username |
| First Name | |
| Last Name |
- Click Next
- Click Activate
Related Articles
Azure EAM - MPAS integration
This documentation has been tested and approved by Kelvin Zero's team This document will outline the steps required to enable MPAS as an external authentication method in Microsoft Entra ID. To set up Multi-Pass, ensure you meet the following ...Outsystems (Apps) - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...OpenID Connect (OIDC) SSO Integration Guide
This guide provides a general overview and step-by-step instructions for configuring OpenID Connect (OIDC) authentication between Multi-Pass (IdP) and a third-party Service Provider (SP). OIDC is a modern identity layer built on top of OAuth 2.0 that ...Sophos Central - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...