This change is needed if SSO is configured for Sunshine Peak and you are upgrading to Mt Huron.
In the latest release of Stock IQ, Mt Huron, changes have been made to the SSO integrations to bring our application in line with the latest standards for the OIDC Authorization Flow + PKCE. These changes will require you to update your integration with your identity provider (IDP). This document walks you through the steps necessary to update your integration.
If you do not update your integration, your SSO process will fail and your team will be unable to authenticate with Stock IQ.
You should be able to make the changes listed for your specific IDP ahead of your scheduled update to the latest release (Huron Peak) without affecting your current SSO integration.
Entra
To update your Entra app registration, complete the following steps:
- Add a new SPA redirect URI to <your-domain>/signin-oidc (example: https://mycompany.stockiqtech.net/signin-oidc)
  - Azure Portal > App Registrations > Your Stock IQ Registration > Manage > Authentication > Add Platform > Single-page Application
- Ensure that ID Token is selected under Implicit grant and hybrid flows
- Double-check the token configuration to ensure the email claim is allowed
  - Azure Portal > App Registrations > Your Stock IQ Registration > Manage > Token Configuration > Add Optional Claim > Token Type (ID) claim is email
If you leave your existing redirect URI (/Account/Login) alone, you should be able to continue to use your existing SSO integration and should experience a seamless transition between Sunshine Peak and Huron Peak. Once you are fully integrated with Huron Peak you may want to return to your app registration and remove the /Account/Login redirect URI to keep your registration tidy.
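To confirm the Entra steps above before the upgrade, the following added example (not Stock IQ's or Microsoft's code) checks an exported app registration for the new SPA redirect URI, ID token issuance and the email optional claim. It assumes the JSON has the shape of a Microsoft Graph application object, for example the output of `az ad app show --id <app-id>`; `check_registration` and `SAMPLE_APP` are hypothetical names, and the sample data is constructed.

```python
import json

SIGNIN_PATH = "/signin-oidc"    # new SPA redirect URI path from the steps above
LEGACY_PATH = "/Account/Login"  # existing redirect URI kept during the transition

# Constructed sample shaped like a Microsoft Graph application object.
SAMPLE_APP = json.loads("""{
  "spa": {"redirectUris": ["https://mycompany.stockiqtech.net/signin-oidc"]},
  "web": {"redirectUris": ["https://mycompany.stockiqtech.net/Account/Login"],
          "implicitGrantSettings": {"enableIdTokenIssuance": true}},
  "optionalClaims": {"idToken": [{"name": "email"}]}
}""")


def check_registration(app, domain):
    """Return (problems, notes); an empty problems list means the steps are done."""
    problems, notes = [], []
    base = domain.rstrip("/")
    spa_uris = (app.get("spa") or {}).get("redirectUris") or []
    web = app.get("web") or {}
    web_uris = web.get("redirectUris") or []
    wanted = base + SIGNIN_PATH

    # Step 1: the URI must be on the Single-page application platform.
    # Redirect URIs are compared exactly, so no normalisation is applied.
    if wanted not in spa_uris:
        if wanted in web_uris:
            problems.append(wanted + " is registered under Web, not Single-page application")
        else:
            problems.append("missing SPA redirect URI " + wanted)

    # Step 2: ID Token selected under "Implicit grant and hybrid flows".
    implicit = web.get("implicitGrantSettings") or {}
    if not implicit.get("enableIdTokenIssuance"):
        problems.append("ID token issuance is not enabled")

    # Step 3: optional claim "email" on the ID token.
    id_claims = (app.get("optionalClaims") or {}).get("idToken") or []
    if "email" not in [c.get("name") for c in id_claims]:
        problems.append("optional claim 'email' is not configured for the ID token")

    # The legacy URI is expected until the upgrade is complete; flag it for cleanup.
    if any(u.endswith(LEGACY_PATH) for u in spa_uris + web_uris):
        notes.append("legacy " + LEGACY_PATH + " redirect URI still registered")
    return problems, notes


if __name__ == "__main__":
    print(check_registration(SAMPLE_APP, "https://mycompany.stockiqtech.net"))
```

An empty problems list with the legacy note present matches the transition state described above; once the upgrade is complete and the old URI is removed, the notes list is empty as well.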
Okta
To update your Okta application:
- Add a new SPA redirect URI to <your-domain>/signin-oidc (example: https://mycompany.stockiqtech.net/signin-oidc)
  - Okta Admin Dashboard > Applications > Your Stock IQ Application > Sign-In Redirect URIs
If you leave your existing redirect URI (/Account/Login) alone, you should be able to continue to use your existing SSO integration and should experience a seamless transition between Sunshine Peak and Huron Peak. Once you are fully integrated with Huron Peak you may want to return to your application and remove the /Account/Login redirect URI to keep your application tidy.