Pocket ID

Connect Windshift to Pocket ID for single sign-on using OpenID Connect.

Prerequisites

• Running Windshift instance with admin access
• Running Pocket ID instance with admin access

Step 1: Open SSO Configuration in Windshift

1. Navigate to Admin > Single Sign-On
2. Click Add Provider
3. Enter a display name (e.g. "Pocket-ID") — the slug auto-fills
4. Copy the Callback URL shown in the dialog

Step 2: Create an OIDC Client in Pocket ID

1. In Pocket ID admin, go to OIDC Clients and click Create
2. Enter a name (e.g. "Windshift")
3. Paste the Callback URL from Windshift into the Callback URLs field
4. Leave the other fields at their defaults
5. Click Save
6. Copy the Client ID and Client Secret shown after saving

Step 3: Complete Windshift Configuration

1. Back in the Windshift SSO dialog, paste the Client ID and Client Secret
2. Set the Issuer URL to your Pocket ID instance URL (e.g. https://id.example.com)
3. Leave Scopes as openid email profile
4. Toggle the checkboxes as desired:
   • Enable provider — makes the provider available on the login page
   • Auto-provision — automatically creates accounts for new users
   • Allow password login — lets provisioned users also set a password
   • Trust IdP email verification — skips Windshift's own email verification
5. Click Save Changes

Step 4: Mark Email as Trusted in Pocket ID

1. In Pocket ID admin, go to Users and select the user
2. Click the green icon next to the Email field to mark the email as trusted
3. This is required when Trust IdP email verification is enabled in Windshift

Test the Connection

1. In the Windshift SSO dialog, click Test Connection to verify everything is configured correctly
2. Or sign out and use Sign in with Pocket-ID on the login page