Configuration Guide: OIDC Authentication and User Synchronization

If you are using anon-premises infrastructure and have chosen authentication via the OIDC (OpenID Connect) protocol, it is essential to understand how user accounts are routed and managed between your identity provider and the GLPI interface, especially if the latter is empty of users (having been freshly installed alongside Medulla).

1. Understanding the Authentication Flow

In this architecture, access management follows a specific path:

Storage: Your OIDC users are provisioned in the Medulla server’s local LDAP.
Authorizations (ACL): Although authentication is managed by OIDC, access rights and permissions (profiles) are controlled directly within GLPI.

Sign of a synchronization issue: If, after logging in via OIDC, you land on a blank GLPI page or one without menus, this means your account has not yet been imported into the GLPI database. Without this step, the system cannot assign you a profile or access rights.

Adding users to GLPI when logging in via OIDC is now automatic if:

GLPI is installed by default with Medulla

Your GLPI is accessible in read-write mode

2. Manual synchronization procedure

To activate your users in GLPI, you must establish a connection with the local LDAP directory. Here are the steps to follow:

Step A: Access the linking interface

Log in to GLPI with a local administrator account.
Go to the Administration > Users menu.
Click the LDAP Directory Link button.

Step B: Import accounts

Click the Import New Users link.
Click the Search button to list the users in the Medulla LDAP directory.
Select the desired users (or all of them) and confirm the synchronization.

Network requirements for Medulla SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Remote Maintenance & Getting Started

Deployment (broadcasting)

Remote Maintenance & Getting Started

FLUX Test

Firewall

IMAGING Prerequisites

Active Directory

I already have a PXE server on my network. Is that a problem?

Simplified flowchart of Medulla

OIDC

DNS and Medulla Relay views in the DMZ

Filter machine types by GLPI ID

Your GLPI with Read-Only User

Disable convergence for the Extract drivers package

Configuration Guide: OIDC Authentication and User Synchronization

Increase the connection timeout to the interface

Activation Support / WSUS / CVE

Change the server's FQDN

Change the SSH port between Server and Client

GLPI - Connect an external GLPI

Network requirements for Medulla Private SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Console & Administration

Remote Maintenance & Getting Started

Client Accounts (Status & Visibility)

Packages

Console & Administration

Remote Maintenance & Getting Started

Set the agent to Debug

Windows Agent Issue

Introduction

ACLs

ACLs continued

Console & Administration

Deployment (broadcasting)

Packages

Updates (Windows Updates)

Imaging menus

Client Accounts (Status & Visibility)

GPO

Reconfigure my agent

Generate Windows and Linux agents

Agents for the MINT Linux distribution

Uninstalling the Medulla Agent (Versions prior to 5.5.2)

Uninstalling Medulla Agent Version 5.5.2 and later

Architecture and Deployment of Medulla Relay Servers

Procedure for adding relays to Medulla Dedicated SaaS

Medulla Update - 5.4.x to 5.5.x

Configuration Guide: OIDC Authentication and User Synchronization

1. Understanding the Authentication Flow

2. Manual synchronization procedure

Step A: Access the linking interface

Step B: Import accounts