This guide walks you through the process of configuring Clavister IdAuth Cloud and Nextcloud to establish seamless integration using OpenID Connect between the two systems. To achieve this, you will need to perform specific configuration steps in both Nextcloud and Clavister Cloud Services. The guide uses our example companyShieldIT as<company_name> through the different steps.

Assumptions

The Nextcloud server is on https://mynextcloud.fqdn/, replace with the real hostname of the Nextcloud server.

Clavister IdAuth Cloud Configuration

1. Navigate to Add-ons and OpenID Connect Provider
2. Click on Add new button and choose the Custom type
3. Provide a name for the Relaying Party
4. Enter the Redirect URI, https://mynextcloud.fqdn/apps/user_oidc/code 
5. Save

Nextcloud Configuration

1. Install and Enable https://apps.nextcloud.com/apps/user_oidc
2. Navigate to Administration and OpenID Connect 
3. Click on Register Providers +
4. Fill in the following Client Configuration
   1. Identifier - IdAuth Cloud
   2. Client ID - Copy from the previous created OpenID Connect Provider
   3. Client Secret - Copy from the previous created OpenID Connect Provider
   4. Scope - openid
5. Fill in the following Attribute mapping
   1. User ID mapping - sub
   2. Groups mapping - groups
6. Extra attribute mapping
   1. Display name mapping - sub
7. Deselect Use unique user ID
8. Select Use group provisioning 

Related articles