UI Authentication and Authorization

Overview of authentication options in the Omnium UI and how roles are managed across identity providers.

Overview

Omnium supports multiple authentication providers, allowing you to integrate with your preferred identity platform while maintaining consistent role-based access control.

Supported identity providers:

  • Azure AD B2C (default)
  • Azure AD / Entra ID
  • Auth0

In all setups, users and roles can also be managed directly via the Omnium API, giving you full control over your access model.


Azure AD B2C (Default)

Azure AD B2C is the default authentication provider for Omnium. It handles user authentication and password management. There are no custom role mappings or tenant-level configurations available for this option.


Azure AD / Entra ID

Omnium integrates with Azure AD (Entra ID) using App Roles and supports Single Sign-On (SSO) through OpenID Connect.

  1. Define roles in your Azure app (for example: OrderManagersNorway)
  2. Assign these roles to users or groups in Azure
  3. When users sign in, the assigned roles are included in the token claims
  4. Omnium reads the role claims and matches them against existing roles defined in Omnium

Important: The roles must already exist in Omnium, either configured in the admin interface or created via the API. This ensures that roles can be linked with stores, markets, and other access controls inside Omnium.

Example:

Azure Role:  OrderManagersNorway
Omnium Role: OrderManagersNorway (this role can then be linked to markets and stores, or even to other roles)

By syncing roles from Entra ID, you avoid having to manually assign roles to each user in Omnium — the mapping happens automatically at login based on role names.


Auth0

Auth0 is also supported and includes Single Sign-On (SSO) support through OpenID Connect. Omnium reads the roles claim from the Auth0-issued token and matches it with existing roles defined in Omnium.

Configuration:

  • Make sure the Auth0 application includes a custom claim for roles in the ID token or access token (for example: https://yourdomain.com/roles)
  • Roles in Auth0 must match role names that already exist in Omnium
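
The following is an added example, not Omnium's own code: a pre-rollout check that reads role names from decoded token claims (the Entra ID `roles` claim or the Auth0 custom claim) and reports which ones match existing Omnium roles by name. The claim names, the exact-match assumption and the sample data are assumptions or constructed values.

```python
import base64
import json

# Assumptions: Entra ID App Roles arrive in the "roles" claim; the Auth0 claim
# name is the page's placeholder and must be replaced with your own namespace.
ROLE_CLAIMS = ("roles", "https://yourdomain.com/roles")


def decode_payload(jwt):
    """Decode a JWT payload for inspection only. The signature is NOT checked,
    so never base an access decision on this output."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT parts")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def roles_from_claims(claims):
    """Collect role names from the known claims; a bare string is one role."""
    found = []
    for name in ROLE_CLAIMS:
        value = claims.get(name)
        if isinstance(value, str):
            value = [value]
        for role in value if isinstance(value, list) else []:
            if isinstance(role, str) and role not in found:
                found.append(role)
    return found


def audit_roles(token_roles, omnium_roles):
    """Sort token roles into exact matches, case-only near misses and unknowns.
    Assumption: Omnium matches names exactly, so near misses are flagged."""
    by_lower = {r.lower(): r for r in omnium_roles}
    report = {"matched": [], "case_mismatch": [], "unknown": []}
    for role in token_roles:
        if role in omnium_roles:
            report["matched"].append(role)
        elif role.lower() in by_lower:
            report["case_mismatch"].append((role, by_lower[role.lower()]))
        else:
            report["unknown"].append(role)
    return report


if __name__ == "__main__":
    # Constructed sample data, not taken from a real tenant.
    claims = {"roles": ["OrderManagersNorway", "market-nor", "Store-Oslo"]}
    omnium = ["OrderManagersNorway", "market-nor", "store-oslo"]
    print(audit_roles(roles_from_claims(claims), omnium))
```

Roles reported under `unknown` or `case_mismatch` are the ones to create or rename in Omnium (or in the identity provider) before relying on login-time mapping.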

User and Role Management via API

All users, roles, and permissions can also be managed via the Omnium API. This allows full programmatic control and makes it possible to synchronize users and roles from external systems, offering functionality similar to SCIM provisioning.

API documentation: https://apitest.omnium.no/documentation/index.html#/Users

You can:

  • Create, update, or deactivate users
  • Assign or remove roles
  • Manage linked roles and permissions
  • Integrate with external IAM or HR systems for automated provisioning

Tip: On each user object, roles are represented as a flat list of strings under the Roles property. Market and store roles follow naming conventions:

  • Market roles: prefixed with market-
  • Store roles: prefixed with store-

Note: If you are interested in setting up SSO for your organization, please contact Omnium Support and we’ll help you with the configuration.
