Single sign-on authentication

The Stadium Application Manager enables you to set up Single sign-on (SSO) authentication details for your deployed applications.

Steps:
  1. Enter an administrator Email and Name. The email address must be registered with your Authentication service provider.
  2. Take note of the following details provided by Stadium. You will enter them on your Authentication service provider as the callback and logout URIs, and the provider will only accept redirects that match them exactly:
    • Redirect URL
    • Logout Redirect URL
  3. Select your OIDC Provider (i.e. your Authentication service provider).
  4. The following fields must be completed with the details that you will obtain from your Authentication service provider:
    • Domain (only Auth0 and Okta)
    • Client ID
    • Client Secret
    • API Resource Name (only Generic Provider)
    • API Resource Secret (only Generic Provider)
    • Role Claim Name (only Auth0 and Okta)
    • Tenant ID (only Azure AD)
    • Audience (only Generic Provider)
    • Scopes (only Generic Provider)

When using Auth0

  1. Select Auth0 as your OIDC Provider.
  2. Go to auth0.com and sign in to your tenant.
  3. Under Applications > Applications, click Create Application.
  4. In the Create application popup, under Choose an application type, select Single Page Web Applications.
  5. Open the application's Settings tab; the Domain, Client ID and Client Secret shown there are the values to enter on Stadium.
  6. Under Application URIs:
    • set Allowed Callback URLs to https://localhost/{webAppName}/callback
    • set Allowed Logout URLs to https://localhost/{webAppName}/logout
    • set Allowed Web Origins to https://localhost/{webAppName}
  The localhost values apply to a local deployment; otherwise use the Redirect URL and Logout Redirect URL exactly as shown by Stadium, since Auth0 matches these URLs exactly.

When using Okta

  1. Select Okta as your OIDC Provider.
  2. Register an account on okta.com and sign in to the Admin Console.
  3. Under Applications > Applications, click Create App Integration.
  4. In the Create a new app integration popup:
    • Under Sign-in method, choose OIDC - OpenID Connect
    • Under Application type, choose Single-Page Application
  5. On the New Single-Page App Integration page, set the following:
    • Grant type: check only Authorization Code (leave Implicit unchecked)
    • Sign-in redirect URIs: https://localhost/{webAppName}/callback
    • Sign-out redirect URIs: https://localhost/{webAppName}/logout
    • Trusted Origins > Base URIs: https://localhost/{webAppName}
  6. Under Directory > People, assign the application to the administrator:
    • Select the user whose email was entered during deployment
    • Click Assign Applications
    • For the respective application, click Assign
    • Click Save and Go Back, then Done

To set up groups in Okta:

  1. Under Directory > Groups, add a group and assign it to People and/or Apps.
  2. Under Security > API, select the relevant Authorization Server (e.g. default).
  3. In the Claims tab, add a new claim that carries the roles (i.e. the groups):
    • Name: exactly the Role Claim Name entered on Stadium during deployment
    • Include in token type: ID Token; Always
    • Value type: Groups
    • Filter: Matches regex; .* (or any other desired filter)
    • Include in: Any scope
  A filter of .* places every group the user belongs to in the ID token. A narrower filter (for example Starts with, followed by a prefix reserved for this application's groups) keeps unrelated group memberships out of the token.

When using Azure AD

  1. Select Azure AD (Azure Active Directory) as your OIDC Provider.
  2. Sign in to the Azure portal.
  3. Under App registrations, click New registration.
  4. Under Redirect URI, select Single-page application (SPA) and set the URI to the Redirect URL shown by Stadium, e.g. https://localhost/_3771_SPA_OAuth2/callback
  5. Under Manage > Authentication, set Front-channel logout URL to the Logout Redirect URL shown by Stadium, e.g. https://localhost/_3771_SPA_OAuth2/logout
  6. On Stadium, enter the relevant details obtained from Azure AD:
    • Tenant ID(s): a single tenant, or a list of tenants separated by commas; only sign-ins from the listed tenants are accepted
    • Client ID (the Application (client) ID of the registration)
    • Client Secret (created under Certificates & secrets; copy the value when it is created, as it is not shown again)
For detailed steps on the Azure AD setup, go here.

When using the Generic Provider

  1. Select <Generic Provider> as your OIDC Provider.
  2. Sign in to the relevant Authentication service provider's portal, e.g. console.developers.google.com for Google authentication.
  3. Complete the app registration steps on your provider's portal. Enter there the details you receive from Stadium, i.e. the Redirect URL and Logout Redirect URL, and copy from the provider the details that you have to enter on Stadium, including:
    • Client ID
    • Client Secret
    • API Resource Name
    • API Resource Secret
    • Audience
    • Scopes
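The settings above (the Okta Role Claim Name, the Azure AD Tenant ID list, and the Audience) all end up as checks on the claims of the ID token the provider returns. The following is an added example, written for this page and not Stadium's own code, showing those checks: the issuer must belong to a configured tenant or provider, the audience must be the one entered on Stadium, the token must be unexpired, and the roles are read from the configured claim name. It assumes the token's RS256 signature has already been verified against the provider's JWKS by the OIDC client library, that the Generic Provider's Audience field is compared against the token's aud claim, and that the Azure AD v2.0 issuer has the form https://login.microsoftonline.com/{tenant}/v2.0; the tenant IDs, client IDs, Okta domain and tokens used are constructed test data.

```python
"""Claim checks on an OIDC ID token, mirroring the values entered on Stadium.

Added example, not Stadium's code. Assumes the RS256 signature was already
verified against the provider's JWKS; only issuer, audience, expiry and
role-claim checks are shown. The Azure AD v2.0 issuer URL form is real; all
tenant IDs, client IDs, domains and tokens below are constructed.
"""
import base64
import json
import time


class IdTokenError(ValueError):
    """A claim check failed: the login must be rejected, not downgraded."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def azure_issuers(tenant_ids: str) -> set:
    """Expand the comma-separated Tenant ID list entered on Stadium into the
    v2.0 issuer URL of each tenant. A token from any other tenant fails the
    issuer check, even though Microsoft signs it with the same keys."""
    return {
        f"https://login.microsoftonline.com/{tenant.strip()}/v2.0"
        for tenant in tenant_ids.split(",")
        if tenant.strip()
    }


def validate_id_token(token: str, *, issuers: set, audience: str,
                      role_claim: str, now: float = None, leeway: int = 60) -> list:
    """Return the roles carried in the configured Role Claim Name, or raise.

    `audience` is the Client ID for Auth0, Okta and Azure AD ID tokens (or,
    assumed here, the Audience value entered for the Generic Provider).
    """
    try:
        header_b64, payload_b64, _signature_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise IdTokenError(f"malformed token: {exc}") from exc

    # Defence in depth: an unsigned token must never reach the claim checks,
    # even if the signature step upstream was misconfigured.
    if str(header.get("alg", "none")).lower() == "none":
        raise IdTokenError("unsigned token (alg=none) rejected")

    if claims.get("iss") not in issuers:
        raise IdTokenError(f"issuer {claims.get('iss')!r} is not a configured provider or tenant")

    # 'aud' may be a string or a list; our own audience must be present either way.
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise IdTokenError("token was issued for a different client")

    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or now > claims["exp"] + leeway:
        raise IdTokenError("token is expired or carries no 'exp'")

    # The claim name must be exactly the Role Claim Name entered on Stadium.
    # Okta emits group names as a list; a single string is tolerated too.
    roles = claims.get(role_claim, [])
    if isinstance(roles, str):
        roles = [roles]
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        raise IdTokenError(f"claim {role_claim!r} is not a list of role names")
    return sorted(roles)


def make_test_token(claims: dict) -> str:
    """Constructed token for the demonstration: header and payload are real JWT
    segments, the signature segment is a placeholder (see module docstring)."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "example-key"}
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


if __name__ == "__main__":
    # Constructed values: two tenants entered on Stadium, token from the second.
    tenants = "11111111-aaaa-4bbb-8ccc-000000000001, 22222222-aaaa-4bbb-8ccc-000000000002"
    token = make_test_token({
        "iss": "https://login.microsoftonline.com/22222222-aaaa-4bbb-8ccc-000000000002/v2.0",
        "aud": "00000000-client-id", "exp": int(time.time()) + 300, "roles": ["Admin"],
    })
    print(validate_id_token(token, issuers=azure_issuers(tenants),
                            audience="00000000-client-id", role_claim="roles"))
```

Two points carry over to the configuration steps: the role claim name is compared as an exact string, so a typo in either the Okta claim Name or the Stadium Role Claim Name silently yields an empty role list rather than an error, and every tenant in the comma-separated list becomes an accepted issuer, so the list should contain only tenants whose users are meant to sign in.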