Configuration Guide: OIDC Authentication and User Synchronization

If you are using anon-premises infrastructure and choose authentication via the OIDC (OpenID Connect) protocol, it is essential to understand how user accounts are routed and managed between your identity provider and the GLPI interface, especially if the latter has no users (i.e., it was freshly installed at the same time as Medulla).

1. Understanding the Authentication Flow

In this architecture, access management follows a specific path:

Storage: Your OIDC users are provisioned in the local LDAP on the Medulla server.
Authorizations (ACLs): Although authentication is handled by OIDC, access rights and permissions (profiles) are managed directly within GLPI.

Sign of a synchronization issue: If, after logging in via OIDC, you are directed to a blank GLPI page or one without menus, this means your account has not yet been imported into the GLPI database. Without this step, the system cannot assign you a profile or access rights.

Adding users to GLPI when logging in via OIDC is now automatic if:

GLPI is installed by default with Medulla

Your GLPI is accessible in read-write mode

2. Manual Synchronization Procedure

To activate your users in GLPI, you must establish a connection with the local LDAP directory. Here are the steps to follow:

Step A: Access the synchronization interface

Log in to GLPI with a local administrator account.
Go to the Administration > Users menu.
Click the “LDAP Directory Link” button.

Step B: Import accounts

Click the Import New Users link.
Click the Search button to list the users in the Medulla LDAP directory.
Select the desired users (or all of them) and confirm the synchronization.

Network Prerequisites for Medulla SaaS

FLUX Test

Firewall

Active Directory

I already have a PXE server on my network—is that a problem?

Simplified Medulla Flowchart

OIDC

DNS Views and Medulla Relay in the DMZ

Filter machine types by GLPI ID

GLPI Access for Medulla

Disable convergence for the Extract drivers package

Configuration Guide: OIDC Authentication and User Synchronization

Activation Support / WSUS / CVE / Shop

Rename the FQDN and Switch to HTTPS on Medulla

Changing the SSH Port Between Server and Workstation

GLPI - Connecting an External GLPI

SUPPORT - Access

Installing Medulla on an OVH Virtual Private Server (VPS)

Client Workstations (Status & Visibility)

Packages

Remote Maintenance & Getting Started

Set the agent to Debug mode

Windows Agent Issue

Introduction

The ACLs

The ACLs (continued)

Console & Administration

Increase the Web session timeout (MMC / XMLRPC)

Retrieve the root password for the Medulla interface

Deployment (broadcasting)

Packages

Updates (Windows Updates)

Imaging menus

Client Workstations (Status & Visibility)

GPO

Reconfigure My Agent

Generate Windows and Linux agents

Linux MINT Distribution Agents

Uninstalling a Medulla Agent (Versions earlier than 5.5.2)

Uninstalling a Medulla Agent (Version 5.5.2 and later)

How do I force a reconfiguration of Medulla agents?

Duplicate MAC Addresses

Check the connection from the agent to the server

WithSecure alerts regarding PAExec used by Medulla

Architecture and Deployment of Medulla Relay Servers

Procedure for Adding Relays to Dedicated Medulla SaaS

Medulla Update - 5.4.x to 5.5.x

Services

Imaging Prerequisites

Imaging - Davos Debug

Imaging - Debug

Where are Medulla imaging masters stored?

About the Masters

An unknown machine does not appear in Medulla or GLPI after Register PXE

Copying Imaging Profiles

How the WSUS Tool Works

Module Update (WSUS) is unavailable after enabling AES protection for update catalogs

Configuration Guide: OIDC Authentication and User Synchronization

1. Understanding the Authentication Flow

2. Manual Synchronization Procedure

Step A: Access the synchronization interface

Step B: Import accounts