# OIDC

## Overview

You can use OpenID Connect (OIDC) to enable single sign-on (SSO) between OAuth-enabled applications.

If you do not want to create a generic service account for the Aisera Platform to access your external system, you can use an OIDC connection that returns an end-user auth token.

The Aisera Gen AI Platform uses the procured token in headers for REST calls to the external system, returning information that is specific to that user. This is useful when you are integrating with an external system that has PII and sensitive user-specific data.

Currently, OIDC is supported by Aisera's **ServiceNow** and **Generic** integrations.

**To create an OIDC Integration:**

1. Navigate to **Settings > Integrations** in the Aisera Admin UI.
2. Click the **+ New Integration** button in the upper-right corner.
3. Choose either the **ServiceNow** or **Generic** integration icon.
4. Click **Next**.
5. Select OIDC from the **Auth Type** pull-down list.

<div align="left"><figure><img src="https://docs.aisera.com/~gitbook/image?url=https%3A%2F%2F2983236984-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FiZkLJr3EjXkd2tHYiQJP%252Fuploads%252FD1gqpApgPmx328PdCc4u%252Funknown.jpeg%3Falt%3Dmedia%26token%3D29cdb18d-21b1-478f-b387-4e3ca2f88c53&#x26;width=300&#x26;dpr=4&#x26;quality=100&#x26;sign=5c58358c&#x26;sv=2" alt="" width="375"><figcaption></figcaption></figure></div>

6. Enter the query parameters that will be used for the External System REST query.

<div align="left"><figure><img src="https://docs.aisera.com/~gitbook/image?url=https%3A%2F%2F2983236984-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FiZkLJr3EjXkd2tHYiQJP%252Fuploads%252FBmqZvJA1GbrxhBw6YUI0%252Funknown.jpeg%3Falt%3Dmedia%26token%3D66f0b8cb-8d1d-4563-8002-fe244216a1da&#x26;width=300&#x26;dpr=4&#x26;quality=100&#x26;sign=3441c065&#x26;sv=2" alt="" width="563"><figcaption></figcaption></figure></div>

7. Click **OK**.

## Fields

<table><thead><tr><th width="247.60003662109375">Field</th><th>Description</th></tr></thead><tbody><tr><td>Authorization URL</td><td>The URL used to authenticate with the external system.</td></tr><tr><td>Client Id</td><td>A unique identifier assigned to the client application by the authorization server.</td></tr><tr><td>Client Secret</td><td>A confidential string used by the client to authenticate itself to the authorization server.</td></tr><tr><td>Access Token URL</td><td>The URL used to request Access Tokens.</td></tr><tr><td>Nonce</td><td>A value sent by your application in the request for a token. This value will be included in the returned token.</td></tr><tr><td>Scope</td><td></td></tr><tr><td>Response Type</td><td></td></tr><tr><td>Prompt</td><td>Specifies the required type of interaction. This will change the flow of authentication.</td></tr></tbody></table>
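
The sketch below shows how the fields above map onto a standard OIDC authorization request and how the nonce sent in the request is checked against the returned ID token. It is an added example, not Aisera's code: the parameter names follow the OpenID Connect Core specification, and the URLs, client ID, redirect URI and function names are constructed placeholders.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import urlencode, urlparse

def build_authorization_url(authorization_url, client_id, redirect_uri,
                            scope="openid", response_type="code", prompt=None):
    """Return (url, nonce, state) for an OIDC authorization request."""
    nonce = secrets.token_urlsafe(32)   # unguessable, bound to this login attempt
    state = secrets.token_urlsafe(32)   # CSRF protection for the redirect
    params = {"response_type": response_type, "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope,
              "nonce": nonce, "state": state}
    if prompt:                          # e.g. "login", "consent", "none"
        params["prompt"] = prompt
    sep = "&" if urlparse(authorization_url).query else "?"
    return authorization_url + sep + urlencode(params), nonce, state

def id_token_claims(id_token):
    """Decode the JWT payload. Does NOT verify the signature (see note below)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def nonce_matches(id_token, expected_nonce):
    """True only if the token echoes the exact nonce sent in the request."""
    got = id_token_claims(id_token).get("nonce", "")
    return isinstance(got, str) and hmac.compare_digest(
        got.encode(), expected_nonce.encode())

def make_constructed_token(claims):
    """Build an unsigned sample token for this demo only (constructed data)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    url, nonce, _ = build_authorization_url(
        "https://idp.example.com/authorize",   # placeholder Authorization URL
        "example-client-id",                   # placeholder Client Id
        "https://app.example.com/callback",    # placeholder redirect URI
        scope="openid profile", prompt="login")
    print(url)
    print(nonce_matches(make_constructed_token({"sub": "u1", "nonce": nonce}), nonce))
    print(nonce_matches(make_constructed_token({"sub": "u1", "nonce": "replayed"}), nonce))
```

A production client must also verify the ID token's signature, issuer, audience and expiry before trusting any claim; the decode step here skips that to keep the nonce check visible.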
