Outsystems (Apps) - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Outsystems using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Outsystems, ensure you meet the following requirements:
- Outsystems administrator access
- MPAS Admin rights
- All users intended to use SSO in Outsystems must be registered in your IdP and have the necessary permissions.
Important: Custom elements in URLs (like tenant names) are case sensitive. Match the exact casing from your environment.
- Outsystems administrator access
- MPAS Admin rights
- All users intended to use SSO in Outsystems must be registered in your IdP and have the necessary permissions.
Important: Custom elements in URLs (like tenant names) are case sensitive. Match the exact casing from your environment.
Important: This is only for custom apps that you create in Outsystem. Not the admin login to get to Outsystem
Outsystems (Apps) - SSO Configuration
Step 1 - Start the Configuration of Multi-Pass as the Identity Provider (IdP)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, then click on Applications.
- Select OIDC under the custom integration section.
- Complete the fields based on the table below
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | outsystems |
| Name | outsystems |
| Description | Outsystems OIDC Integration |
| Client Authentication | ON |
- Select Add Integration.
- Go to the Advanced Console using the left-side navigation bar.
- Click Client and search for Outsystems.
- Under Credentials, copy the Secret Key and save it for Step 2.
- Go to Client Scopes and click the first scope in the list.
- Select Add Predefined Mapper and add the following:
- given name
- username
- family name
Step 2 - Configure Outsystems as the Service Provider (SP)
- Log into Outsystems as an Administrator.
- In the left navigation pane, select Identity Providers under Manage.
- Select Add Provider → OpenID Connect.
- Complete the fields based on the table below
| Field | Value |
|---|---|
| Provider Name | Multi Pass |
| Discovery Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/.well-known/openid-configuration |
| Client ID | outsystems |
| Client Secret | Obtained in Step 1 |
| PKCE | SHA-256 |
- Under Organization user email verification, select Trust all user emails as verified.
- In Username Claim Mapping, change value from
usernametopreferred_username. - Select Get Details beside the Discovery Endpoint — Multi-Pass URLs will populate automatically.
- Click Save.
- Navigate to the Redirect URLs tab and note the Login and Logout URLs — you will use them in Step 3.
- Select Assign and link Multi-Pass to any applications that will use SSO.
Step 3 - Complete the Configuration of Multi-Pass
- Open Multi-Pass Dashboard
- Go to the Advanced Console on the left navigation pane.
- Click on Client and search for Outsystems.
- Complete or verify the fields based on the tables below:
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID | outsystems |
| Name | outsystems |
| Description | Outsystems SSO Integration |
| Always display in UI | OFF |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL | https://<OUTSYSTEMS_SUBDOMAIN>.outsystems.app |
| Valid Redirect URIs (ACS) | Login URL from Step 2 Example:
|
| Valid Post Logout Redirect URIs | Logout URL from Step 2 Example:
|
Capability Config
| Setting | Value |
|---|---|
| Client Authentication | ON |
| Authentication Flow | Standard Flow & Direct Access Grants |
Related Articles
OpenID Connect (OIDC) SSO Integration Guide
This guide provides a general overview and step-by-step instructions for configuring OpenID Connect (OIDC) authentication between Multi-Pass (IdP) and a third-party Service Provider (SP). OIDC is a modern identity layer built on top of OAuth 2.0 that ...Azure EAM - MPAS integration
This documentation has been tested and approved by Kelvin Zero's team This document will outline the steps required to enable MPAS as an external authentication method in Microsoft Entra ID. To set up Multi-Pass, ensure you meet the following ...Mendix - SSO Configuration
This document has been tested and approved by Kelvin Zero Inc This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mendix using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...ATERA - SSO configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...N-Central (N-Able) - SSO configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...