

Last date modified: April 15 2025
Relativity supports OpenID Connect (OIDC) providers for authenticating to a Relativity instance during login. You can set scopes, claims, and other properties on an OIDC provider through the UI and the OIDC Provider Manager service. For more information, see Authentication on the Relativity
The OIDC Provider Manager service provides the following functionality for programmatically working with providers:
Sample use cases for this service include the following:
You can also use the OIDC Provider Manager service through .NET. For more information, see OpenID Connect Provider Manager (.NET).
The URLs for REST endpoints contain path parameters that you need to set before making a call:
For example, you can use the following URL to read an OIDC provider:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}
Set the path parameters as follows:
You need to create a client to make calls to the OIDC Provider service. See the following sample code:
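// Base URI of the Relativity REST API. Use an https:// URI for any non-local instance
// so that the credentials below are protected in transit.
Uri relativityRestUri = new Uri(@"http://localhost/relativity.rest/api");
Credentials credentials = new UsernamePasswordCredentials("username", "password");
ServiceFactorySettings settings = new ServiceFactorySettings(relativityRestUri, credentials);
ServiceFactory factory = new ServiceFactory(settings);

// The proxy is disposed at the end of the using block, so await the call inside it.
using (var manager = factory.CreateProxy<IOpenIDConnectProviderManager>())
{
    var provider = await manager.ReadAsync(1231223);
}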
To create an OIDC provider, send a POST request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers
The request must contain a "provider" object with the following fields:
{
"provider": {
"Name": "OIDC Auth Provider",
"Description": "Description here",
"IsEnabled": true,
"SiteUri": "https://relativity.com/Relativity",
"DisplayOnLoginPage": true,
"Caption": "OIDC Provider 1",
"ClientID": "1ba9d293-fde9-4501-9b12-b2c4234234324",
"ClientSecret": "secret",
"Authority": "https://login.microsoftonline.com/8afe73f9-0d93-4821-a898-c5c2dc320953/",
"Flow": "Code",
"SubjectClaimType": "email",
"Scopes": "openid email profile",
"JITSettings": {
"Enabled": true,
"PersonalGroup": false,
"FirstNameClaimType": "firstnameclaim",
"LastNameClaimType": "lastnameclaim",
"EmailClaimType": "emailclaim",
"PersonalGroupClaimType": "personalgroupclaim",
"GroupClaimType": "groupclaim",
"DefaultTrustedIPs": "fe80::c20:8e40:319f:b84d%22\r\nlocalhost",
"Client": {
"Value":{
"ArtifactID": 1015644
}
}
}
}
}
The response contains the following fields:
{
"ArtifactID": 1020049,
"Name": "OIDC Auth Provider",
"Description": "Description here",
"IsEnabled": true,
"SiteUri": "https://relativity.com/Relativity",
"DisplayOnLoginPage": true,
"Caption": "OIDC Provider 1",
"ClientID": "1ba9d293-fde9-4501-9b12-b2c4234234324",
"ClientSecret": "secret",
"Authority": "https://login.microsoftonline.com/8afe73f9-0d93-4821-a898-c5c2dc320953/",
"Flow": "Code",
"RedirectUri": "https://relativity.com:443/Relativity/Identity/1F7F411E1C520578D7FA48CEE9364F8E71AC9ACA",
"SubjectClaimType": "email",
"Scopes": "openid email profile",
"JITSettings": {
"ArtifactID": 1020050,
"Enabled": true,
"PersonalGroup": false,
"FirstNameClaimType": "firstnameclaim",
"LastNameClaimType": "lastnameclaim",
"EmailClaimType": "emailclaim",
"PersonalGroupClaimType": "personalgroupclaim",
"GroupClaimType": "groupclaim",
"DefaultTrustedIPs": "fe80::c20:8e40:319f:b84d%22\r\nlocalhost",
"Client": {
"Secured": false,
"Value": {
"ArtifactID": 1015644,
"Guids": []
}
}
},
"Resource": "",
"ResponseType": "code",
"TrustedIPs": []
}
To read an OIDC provider, send a GET request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}
The request body is empty.
The response for a read operation contains the same fields as those for a create response. See the field descriptions for the response in Create an OIDC provider.
{
"ArtifactID": 1020049,
"Name": "OIDC Auth Provider",
"Description": "Description here",
"IsEnabled": true,
"SiteUri": "https://relativity.com/Relativity",
"DisplayOnLoginPage": true,
"Caption": "OIDC Provider 1",
"ClientID": "1ba9d293-fde9-4501-9b12-b2c4234234324",
"ClientSecret": "secret",
"Authority": "https://login.microsoftonline.com/8afe73f9-0d93-4821-a898-c5c2dc320953/",
"Flow": "Code",
"RedirectUri": "https://relativity.com:443/Relativity/Identity/1F7F411E1C520578D7FA48CEE9364F8E71AC9ACA",
"SubjectClaimType": "email",
"Scopes": "openid email profile",
"JITSettings": {
"ArtifactID": 1020050,
"Enabled": true,
"PersonalGroup": false,
"FirstNameClaimType": "firstnameclaim",
"LastNameClaimType": "lastnameclaim",
"EmailClaimType": "emailclaim",
"PersonalGroupClaimType": "personalgroupclaim",
"GroupClaimType": "groupclaim",
"DefaultTrustedIPs": "fe80::c20:8e40:319f:b84d%22\r\nlocalhost",
"Client": {
"Secured": false,
"Value": {
"Name": "Relativity",
"ArtifactID": 1015644,
"Guids": []
}
}
},
"Resource": "",
"ResponseType": "code",
"TrustedIPs": []
}
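An added example, not part of Relativity's documentation or SDK: a Python pre-flight review of a provider object shaped like the JSON above, for use before a create or update call or on what a read returns. The field names come from the sample; the function names are hypothetical and the checks are this example's own policy, not validation that Relativity performs.

```python
import copy
from urllib.parse import urlsplit

# Constructed input: a subset of the read response shown above.
SAMPLE = {
    "SiteUri": "https://relativity.com/Relativity",
    "ClientSecret": "secret",
    "Authority": "https://login.microsoftonline.com/8afe73f9-0d93-4821-a898-c5c2dc320953/",
    "Flow": "Code",
    "SubjectClaimType": "email",
    "Scopes": "openid email profile",
    "JITSettings": {
        "Enabled": True,
        "FirstNameClaimType": "firstnameclaim",
        "LastNameClaimType": "lastnameclaim",
        "EmailClaimType": "emailclaim",
        "DefaultTrustedIPs": "fe80::c20:8e40:319f:b84d%22\r\nlocalhost",
    },
}

def trusted_ip_entries(provider):
    """List the DefaultTrustedIPs entries (one per line in the sample) for review."""
    raw = (provider.get("JITSettings") or {}).get("DefaultTrustedIPs") or ""
    return [entry.strip() for entry in raw.splitlines() if entry.strip()]

def audit_provider(provider):
    """Return findings under this script's own policy (not Relativity's validation)."""
    findings = []
    for field in ("Authority", "SiteUri"):
        if urlsplit(provider.get(field) or "").scheme != "https":
            findings.append(f"{field} is not an https URL")
    if "openid" not in (provider.get("Scopes") or "").split():
        findings.append("Scopes lacks openid")
    if not provider.get("SubjectClaimType"):
        findings.append("SubjectClaimType is empty")
    jit = provider.get("JITSettings") or {}
    if jit.get("Enabled"):
        for field in ("FirstNameClaimType", "LastNameClaimType", "EmailClaimType"):
            if not jit.get(field):
                findings.append(f"JIT enabled but {field} is empty")
    return findings

def redact(provider):
    """Return a deep copy that is safe to log: ClientSecret is masked."""
    safe = copy.deepcopy(provider)
    if safe.get("ClientSecret"):
        safe["ClientSecret"] = "[redacted]"
    return safe
```

Pass responses through `redact` before writing them to logs or tickets, since the create and read responses above echo `ClientSecret` in clear text.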
To update an OIDC provider, send a PUT request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers
The request for an update operation contains providerID, which is an integer used as the unique identifier for the authentication provider. The other fields in the request are the same as those for a create request. See the field descriptions in Create an OIDC provider.
{
"providerID": {providerID},
"provider": {
"Name": "OIDC Auth Provider",
"Description": "Description here",
"IsEnabled": true,
"SiteUri": "https://relativity.com/Relativity",
"DisplayOnLoginPage": true,
"Caption": "OIDC Provider 1",
"ClientID": "1ba9d293-fde9-4501-9b12-b2c4234234324",
"ClientSecret": "secret",
"Authority": "https://login.microsoftonline.com/8afe73f9-0d93-4821-a898-c5c2dc320953/",
"Flow": "Code",
"SubjectClaimType": "email",
"Scopes": "openid email profile",
"JITSettings": {
"Enabled": true,
"PersonalGroup": false,
"FirstNameClaimType": "firstnameclaim",
"LastNameClaimType": "lastnameclaim",
"EmailClaimType": "emailclaim",
"PersonalGroupClaimType": "personalgroupclaim",
"GroupClaimType": "groupclaim",
"DefaultTrustedIPs": "fe80::c20:8e40:319f:b84d%22\r\nlocalhost",
"Client": {
"Value":{
"ArtifactID": 1015644
}
}
}
}
}
When the provider is successfully updated, the response returns the status code of 200.
To delete an existing OIDC provider, send a DELETE request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}
The request body is empty.
When the provider is successfully deleted, the response returns the status code of 200.
To create multiple group claim mappings for an OIDC provider, send a POST request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/groupclaimmappings
The request contains an array of GroupClaimMapping objects, which have the following fields:
{
"groupClaimMappings": [
{
"Group": {
"Secured": false,
"Value": {
"Name": "First Level Group",
"ArtifactID": 1015025,
"Guids": []
}
},
"ClaimValue": "firstgroup"
},
{
"Group": {
"Secured": false,
"Value": {
"Name": "Third Level Group",
"ArtifactID": 1015027,
"Guids": []
}
},
"ClaimValue": "thirdgroup"
}]
}
The response contains an array of RelativityObjects, which have the following fields:
[
{
"ParentObject": {
"ArtifactID": 1020049
},
"FieldValues": [
{
"Field": {
"ArtifactID": 1018417,
"FieldCategory": "Generic",
"FieldType": "SingleObject",
"Guids": [],
"Name": "Group",
"ViewFieldID": 0
},
"Value": {
"ArtifactID": 1015025,
"Guids": [],
"Name": "First Level Group",
"ItemSecured": false
}
},
{
"Field": {
"ArtifactID": 1018418,
"FieldCategory": "Generic",
"FieldType": "FixedLengthText",
"Guids": [],
"Name": "Claim Value",
"ViewFieldID": 0
},
"Value": "firstgroup"
}
],
"ArtifactID": 1020055,
"Guids": []
},
{
"ParentObject": {
"ArtifactID": 1020049
},
"FieldValues": [
{
"Field": {
"ArtifactID": 1018417,
"FieldCategory": "Generic",
"FieldType": "SingleObject",
"Guids": [],
"Name": "Group",
"ViewFieldID": 0
},
"Value": {
"ArtifactID": 1015027,
"Guids": [],
"Name": "Third Level Group",
"ItemSecured": false
}
},
{
"Field": {
"ArtifactID": 1018418,
"FieldCategory": "Generic",
"FieldType": "FixedLengthText",
"Guids": [],
"Name": "Claim Value",
"ViewFieldID": 0
},
"Value": "thirdgroup"
}
],
"ArtifactID": 1020056,
"Guids": []
}
]
To retrieve all the group claim mappings for an OIDC provider, send a GET request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/groupclaimmappings
The request body is empty.
The response contains an array of GroupClaimMapping objects, which have the following fields:
[
{
"ArtifactID": 1020052,
"Group": {
"Secured": false,
"Value": {
"Name": "First Level Group",
"ArtifactID": 1015025,
"Guids": []
}
},
"ClaimValue": "firstgroup"
},
{
"ArtifactID": 1020053,
"Group": {
"Secured": false,
"Value": {
"Name": "Second Level Group",
"ArtifactID": 1015026,
"Guids": []
}
},
"ClaimValue": "secondgroup"
}
]
To read a group claim mapping from an OIDC provider, send a GET request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}
The request body is empty.
The response contains a GroupClaimMapping object, which has the following fields:
{
"ArtifactID": 1020052,
"Group": {
"Secured": false,
"Value": {
"Name": "First Level Group",
"ArtifactID": 1015025,
"Guids": []
}
},
"ClaimValue": "firstgroup"
}
To update a group claim mapping for an OIDC provider, send a PUT request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}
The request contains a GroupClaimMapping object, which has the following fields:
{
"gcm": {
"Group": {
"Secured": false,
"Value": {
"Name": "Third Level Group",
"ArtifactID": 1015027,
"Guids": []
}
},
"ClaimValue": "thirdgroupupdated"
}
}
When the mapping is successfully updated, the response returns the status code of 200.
To delete a group claim mapping from an OIDC provider, send a DELETE request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}
The request body is empty.
When the mapping is successfully deleted, the response returns the status code of 200.
To create multiple required claims for an existing OIDC provider, send a POST request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims
The request contains an array of RequiredClaim objects, which have the following fields:
{
"requiredClaims": [
{
"ClaimType": "type1",
"ClaimValue": "value1"
},
{
"ClaimType": "type2",
"ClaimValue": "value2"
}]
}
The response contains a RelativityObject, which has the following fields:
[
{
"ParentObject": {
"ArtifactID": 1018685
},
"FieldValues": [
{
"Field": {
"ArtifactID": 1018675,
"FieldCategory": "Generic",
"FieldType": "FixedLengthText",
"Guids": [],
"Name": "Claim Value",
"ViewFieldID": 0
},
"Value": "claim1value"
},
{
"Field": {
"ArtifactID": 1018676,
"FieldCategory": "Generic",
"FieldType": "FixedLengthText",
"Guids": [],
"Name": "Claim Type",
"ViewFieldID": 0
},
"Value": "claim1type"
}
],
"ArtifactID": 1018687,
"Guids": []
},
{
"ParentObject": {
"ArtifactID": 1018685
},
"FieldValues": [
{
"Field": {
"ArtifactID": 1018675,
"FieldCategory": "Generic",
"FieldType": "FixedLengthText",
"Guids": [],
"Name": "Claim Value",
"ViewFieldID": 0
},
"Value": "claim2value"
},
{
"Field": {
"ArtifactID": 1018676,
"FieldCategory": "Generic",
"FieldType": "FixedLengthText",
"Guids": [],
"Name": "Claim Type",
"ViewFieldID": 0
},
"Value": "claim2type"
}
],
"ArtifactID": 1018688,
"Guids": []
}
]
To retrieve all the required claims for an OIDC provider, send a GET request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims
The request body is empty.
The response contains an array of RequiredClaim objects, which have the following fields:
[
{
"ArtifactID": 1020052,
"ClaimType": "type1",
"ClaimValue": "value1"
},
{
"ArtifactID": 1020053,
"ClaimType": "type2",
"ClaimValue": "value2"
}
]
To read a required claim from an OIDC provider, send a GET request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims/{requiredClaimID}
The request body is empty.
The response contains a RequiredClaim object, which has the following fields:
{
"ArtifactID": 1020052,
"ClaimType": "type1",
"ClaimValue": "value1"
}
To update a required group claim mapping for an OIDC provider, send a PUT request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims/{requiredClaimID}
The request contains a RequiredClaim object, which has the following fields:
{
"requiredClaim": {
"ClaimType": "type1",
"ClaimValue": "value1"
}
}
When the mapping is successfully updated, the response returns the status code of 200.
To delete a required group claim mapping for an OIDC provider, send a DELETE request with a URL in the following format:
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims/{requiredClaimID}
The request body is empty.
When the mapping is successfully deleted, the response returns the status code of 200.