Configuring SSO with Seesaw Using OIDC
Creating a federation partner for use with Seesaw isn't particularly different from creating one for other relying parties; the values Seesaw needs are the standard OIDC client credentials and issuer.
Configuration Steps
Configuring SSO in RapidIdentity
As a Tenant Administrator in RapidIdentity:
- Go to Configuration module > Security > Identity Providers > Federation Partners.
- Click Add Federation Partner and select OpenID Connect. You will be taken to a page to create the OIDC Partner.
- Under the General section, provide a name for the OIDC Partner and add the following Callback URL (enter it exactly; OIDC redirect URIs are matched as exact strings):
  https://app.seesaw.me/api/auth/oidc/authorize/code
- Under the Claim Attributes section, add the following Claim Attributes:

| Name | Claim | Claim Type | Attribute Value Type | LDAP Attribute | REGEX Filter | Single Valued | Binary |
|---|---|---|---|---|---|---|---|
| Email | email | string | ldap | mail | | true | false |
| Email Verified | email_verified | string | ldap | mail | | true | false |
| Family Name | sn | string | ldap | sn | | true | false |
| Given Name | given_name | string | ldap | givenName | | true | false |
| Picture | picture | string | ldap | idautoPersonPhotoURL | | true | false |

- Click Save.
- It may be necessary to navigate to the IDP Configuration and trigger a service reload and web reload before the new partner is served.
- Additional setup will be required within Seesaw, so make a note of the following values:
  a. The Client ID of the created Federation Partner. This can be found on the edit page of the Federation Partner that was created.
  b. The Client Secret of the created Federation Partner. This is also on the edit page. Treat it as a credential: it is what lets Seesaw exchange authorization codes for tokens at the token endpoint, so copy it directly into the Seesaw configuration rather than leaving it in tickets or email.
  c. The discovery URL/endpoint for OIDC on the RapidIdentity server: https://<rapididentity hostname>/idp/.well-known/openid-configuration
RapidIdentity Endpoints for OIDC are as follows:
| Endpoint | Path |
|---|---|
| Token Endpoint | /idp/profile/oidc/token |
| UserInfo Endpoint | /idp/profile/oidc/userinfo |
| JWKS Endpoint | /idp/profile/oidc/jwks |
| Discovery Endpoint | /idp/.well-known/openid-configuration |
Configuring SSO in Seesaw
As a Seesaw Administrator in Seesaw:
- Go to District Wide Settings
- Select Authentication and Security
- Add your district's email domain(s) as a Trusted Email Domain
- Enter a Configuration Name such as RapidIdentity
- Leave the SSO Type as the default or select OIDC if available
- Enter https:// followed by your RapidIdentity hostname followed by /idp (that is, https://<rapididentity hostname>/idp) as the Issuer URI. This must match the issuer value RapidIdentity publishes in its discovery document exactly; OIDC clients compare the two byte for byte.
- Enter the Client ID and the Client Secret from the RapidIdentity configuration
- Click the Add SSO Config button, followed by Ok, to save the SSO configuration.
Every Issuer URI in Seesaw must be unique, so a given RapidIdentity tenant can only be federated with Seesaw once at any given time.
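Before entering the issuer and credentials into Seesaw, it is worth confirming that what RapidIdentity actually publishes at the discovery endpoint agrees with the values from the two procedures above. The script below is an added example, not RapidIdentity's or Seesaw's own tooling. The hostname idp.example.org and the SAMPLE_DISCOVERY document are constructed for the demonstration; the endpoint paths, callback URL and claim names are the ones listed on this page, and the issuer comparison and exact redirect-URI matching follow the OIDC Discovery and Core specifications.

```python
"""Pre-flight check of a RapidIdentity OIDC discovery document before it
is entered into Seesaw.

Added example; this is not RapidIdentity's or Seesaw's own tooling. The
hostname idp.example.org and SAMPLE_DISCOVERY below are constructed for
the demonstration. The endpoint paths, the callback URL and the claim
names come from the tables on this page.
"""
import json
import sys
import urllib.request
from urllib.parse import urlparse

# Endpoint paths RapidIdentity publishes (endpoint table on this page).
EXPECTED_PATHS = {
    "token_endpoint": "/idp/profile/oidc/token",
    "userinfo_endpoint": "/idp/profile/oidc/userinfo",
    "jwks_uri": "/idp/profile/oidc/jwks",
}

# The one callback URL registered on the Federation Partner.
SEESAW_REDIRECT_URI = "https://app.seesaw.me/api/auth/oidc/authorize/code"

# Claims configured under Claim Attributes on this page.
CONFIGURED_CLAIMS = {"email", "email_verified", "sn", "given_name", "picture"}


def issuer_uri(hostname):
    """Issuer URI exactly as it is typed into Seesaw: https://<hostname>/idp."""
    return "https://" + hostname + "/idp"


def discovery_url(hostname):
    """Discovery endpoint derived from the issuer, per OIDC Discovery."""
    return issuer_uri(hostname) + "/.well-known/openid-configuration"


def redirect_uri_registered(presented):
    """OIDC redirect URIs are compared by exact string match: a trailing slash,
    a case difference or an extra query parameter is a different URI and the
    authorization request is rejected."""
    return presented == SEESAW_REDIRECT_URI


def check_discovery(doc, expected_issuer):
    """Return a list of problems; an empty list means the document agrees with
    the values Seesaw will be configured with."""
    problems = []
    # OIDC Discovery requires `issuer` to equal the issuer the relying party was
    # configured with. A trailing slash, http:// or a different host means a
    # conforming client rejects the provider or checks ID tokens against the
    # wrong issuer.
    if doc.get("issuer") != expected_issuer:
        problems.append("issuer is %r, expected %r" % (doc.get("issuer"), expected_issuer))
    host = urlparse(expected_issuer).netloc
    for key, path in EXPECTED_PATHS.items():
        url = doc.get(key)
        if not url:
            problems.append(key + " missing")
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https":
            problems.append(key + " is not https: " + url)
        if parsed.netloc != host:
            problems.append(key + " points at " + parsed.netloc + ", not " + host)
        if parsed.path != path:
            problems.append(key + " path is " + parsed.path + ", expected " + path)
    # Seesaw's callback is .../authorize/code, i.e. the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response_types_supported does not include 'code'")
    # claims_supported is optional in discovery; when present, every claim
    # mapped on the Federation Partner should appear, or Seesaw's profile
    # fields will come back empty.
    if "claims_supported" in doc:
        missing = CONFIGURED_CLAIMS - set(doc["claims_supported"])
        if missing:
            problems.append("claims not advertised: " + ", ".join(sorted(missing)))
    return problems


# Constructed sample of what a correctly configured tenant would publish.
# authorization_endpoint is left out because this page does not list its
# path; the checks above only cover the endpoints the page does list.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.org/idp",
    "token_endpoint": "https://idp.example.org/idp/profile/oidc/token",
    "userinfo_endpoint": "https://idp.example.org/idp/profile/oidc/userinfo",
    "jwks_uri": "https://idp.example.org/idp/profile/oidc/jwks",
    "response_types_supported": ["code"],
    "claims_supported": ["sub", "email", "email_verified", "sn", "given_name", "picture"],
}


def fetch_discovery(hostname):
    """Fetch the live document from a real tenant (online; the offline demo
    below uses SAMPLE_DISCOVERY instead)."""
    with urllib.request.urlopen(discovery_url(hostname), timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        hostname = sys.argv[1]           # e.g. python check_oidc.py idp.example.org
        doc = fetch_discovery(hostname)
    else:
        hostname = "idp.example.org"
        doc = SAMPLE_DISCOVERY
    problems = check_discovery(doc, issuer_uri(hostname))
    for problem in problems:
        print("PROBLEM:", problem)
    print("ok" if not problems else "%d problem(s)" % len(problems))
```

Run it with no arguments to exercise the constructed sample, or with your RapidIdentity hostname to check the live tenant. Any reported issuer mismatch should be fixed on the RapidIdentity side or by correcting the Issuer URI typed into Seesaw, never by adding a second Seesaw SSO configuration, since each Issuer URI there must be unique.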