ProductIntegrationOpenIdConnectConfiguration is in Preview status and is subject to change without notice. For more information about Preview status, see the GraphQL API policy.


The configuration used for OpenID Connect single sign-on in a product integration.

This page contains


    clientCreationMethod: ProductIntegrationOpenIdConnectCredentialMethod PREVIEW

    Defines if an OpenID Connect client configuration should be unique to each subscription or shared across subscriptions. Cannot be edited after publish.

    grantTypes: [ProductIntegrationOpenIdConnectGrantType!] PREVIEW

    The allowed OAuth 2.0 grants types for this product integration

    redirectUrls: [String!]

    The list of URLs where the authorization code is allowed to be sent during SSO

    allowOidcScope: Boolean!

    Defines if the openid scope scope is allowed to be requested. Must be set to TRUE.

    allowUserScopes: Boolean!

    Defines if the email, profile, and company scopes are allowed to be requested.

    allowRoleScopes: Boolean!

    Defines if role scopes (e.g. ROLE_USER) are allowed to be requested.

    initiateLoginUri: String

    URL a user is redirected to when they click the 'MyApps' tile to initiate single sign-on.

    logoutUrl: String

    URL used to log a user out of your application. Asynchronously called when user logs out of the marketplace.

    setupForm: ProductIntegrationSingleSignOnConfigurationSetupForm PREVIEW

    A descriptor object used to define the setup form presented to Company Admins when importing an application to their company.


    Mutations for ProductIntegrationOpenIdConnectConfiguration

    addProductIntegrationOpenIdConnectConfiguration PREVIEW

    Add a OpenID Connect single sign-on configuration to an existing product integration

    updateProductIntegrationOpenIdConnectConfiguration PREVIEW

    Update the OpenID Connect single sign-on configuration within an existing product integration