Converlens SSO overview
Converlens uses OpenID Connect (OIDC) for Single Sign-On (SSO). To enable OpenID Connect SSO you’ll need three values from your provider:- Client ID
- Client Secret
- Discovery URL
app.converlens.com/YOUR_WORKSPACE/admin/settings/sso) to put these details into your workspace configuration.
Remember to replace YOUR_WORKSPACE with your workspace URL key.
Instructions for obtaining SSO values
See below for instructions on how to obtain these values.Microsoft Entra ID (previously Azure Active Directory (AAD))
Configuring Entra ID- Find and open ‘Microsoft Entra ID’
- Click the ‘+ Add’ and select ‘App Registration’ to create a new app registration
- Name it “Converlens” or similar
- In ‘Supported account types’ choose: “Accounts in this organizational directory only”
- Under ‘Redirect URL’ select ‘Web’ and use: https://app.converlens.com/auth/callback
- Click ‘Register’
- Copy the ‘Application (client) ID’ and ‘Directory (tenant) ID’ to use in Converlens settings
- Now setup your Client secret: in your new app, under ‘Manage’ select ‘Certificates & secrets’
- In ‘Client secrets’ click to create a ‘New client secret’
- Choose a name (e.g. “Converlens Client Secret”) and a date for when this certificate should expire. Important: Your SSO integration with Converlens relies on a valid secret, so remember to create a new secret and repeat these steps before the old one expires.
- Copy the ‘Secret Value’ to use in Converlens settings
- Client ID: use the ‘Application (client) ID’ from step 7
- Client secret: use the ‘Secret value’ from step 11
- Discovery URL: use
https://login.microsoftonline.com/TENANT/v2.0/.well-known/openid-configurationand change theTENANTtext to be the ‘Directory (tenant) ID’ from step 8
Active Directory Federation Service (AD FS)
Configure ADFS Note: OIDC is supported only in AD FS version 2016 and later.- Open the AD FS Management pane
- Select Application Groups and then select Add Application Group
- Select ‘Server Application’ and enter a name (“Converlens”) and optional description. Click Next.
- Copy the ‘Client Identifier’ value. This is the ‘Client ID’ used in Converlens settings.
- Enter the redirect URI
https://app.converlens.com/auth/callback - Next, in Configure Application Credentials select ‘Generate a shared secret’ and save this value as the ‘Client Secret’ in Converlens settings. Click Next twice and close.
- Double-click your new Application Group and click ‘Add application’. Under Standalone application choose Web API template and click Next.
- In Identifier add the Client Identifier from step 4 and also add the URI
https://app.converlens.com. Click Next. - Confirm that the Access Control Policy has permissions set to ‘Permit everyone’. Click Next.
- Application Permissions permitted scopes should include
openid,profile,emailandallatclaims. Click Next twice and close. - Double-click the new Web API Application and click on the Issuance Transform Rules tab. Click Add Rule.
- For Claim rule template, choose Send LDAP Attributes as Claims. Click Next.
- For Claims rule name: Email claims. Attribute store choose: Active Directory. LDAP Attribute choose: E-Mail-Addresses. Outgoing Claim Type:
email. Click Finish. - Add another rule, and for Claim rule template choose: Send Claims Using a Custom Rule. Click Next.
- For Claim rule name: Skip userinfo. Custom rule
=> issue(Type = “skip_userinfo”, Value = “true”); - Click Finish and restart the AD FS service to ensure all new settings are applied.
- Client ID: use the ‘Client Identifier’ from step 4
- Client secret: use the ‘Client secret’ from step 6
- Discovery URL: use
https://[Your ADFS hostname]/adfs/.well-known/openid-configurationreplacing[Your ADFS hostname]with your ADFS server. For example if your ADFS server is running onadfs.example.netthen your Discovery URL will behttps://adfs.example.net/adfs/.well-known/openid-configuration
Other SSO providers
There are many other SSO providers that support OIDC. The general process for obtaining the values you need to enable SSO in Converlens is as follows:- Log in as an admin to your SSO provider’s administration dashboard
- Create or add a “new application” (or similar). This will usually provide you with a ‘Client ID’ or identifier. Make a note of this.
- You’ll need to configure a “redirect URL” (or similar) for the application. For this use:
https://app.converlens.com/auth/callback - You’ll also need the ‘Client Secret’, sometimes called a ‘shared secret’. Some SSO providers will automatically create this when you create a new application, whereas others require you to create a standalone secret. Make a note of this value once available.
- Finally you will need the “Discovery URL” which is the URL that Converlens uses to talk to your SSO provider.
Configure your Converlens settings
Once you have the Client ID, Client secret and your Discovery URL, you can update your Converlens organisation settings:- Navigate to Settings > SSO (
app.converlens.com/YOUR_WORKSPACE/admin/settings/sso)- Remember to replace
YOUR_WORKSPACEwith your workspace URL key
- Remember to replace
- Activate Single Sign-on
- Complete the ‘Client ID’, ‘Client secret’ and ‘Discovery URL’ fields
- Save your changes
- Complete a successful SSO login before enabling Require SSO login for the workspace

