• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Connecting Researchers and Research

Sign in/Register
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Privacy Policy
  • About
        • Our Mission
          • 2025 Vision
          • ORCID Trust
          • Annual Reports
        • Team
          • ORCID Board
          • ORCID Team
          • Work with Us!
        • Services
          • Member Portal
          • Annual data files
          • Member API
          • Public API
          • ORCID Registry
        • Governance
          • Bylaws
          • Board Elections
        • Policies
          • Privacy Policy
          • Dispute Procedures
          • Public Client Terms of Service
          • Open Source Project License
          • Public Data File Use Policy
          • Terms of Use
          • Brand Guidelines
  • For Researchers
        • Benefits for Researchers
        • Researcher FAQ
        • Video Tutorials
        • Your ORCID Record
        • Get Help
  • Membership
        • Membership Benefits
          • Benefits for Funders
          • Benefits for Publishers
          • Benefits for Research Organizations
          • Benefits for Research Resources
        • Get Membership
        • Member List
        • ORCID Map
        • Membership Comparison
          • Basic Membership
          • Premium Membership
          • ORCID Consortia
        • ORCID Consortia
          • Consortia Agreement
          • Consortia Onboarding Checklist
          • Roles and Responsibilities of ORCID Consortia
  • Documentation
        • Features
          • Member Portal
          • Member API
          • Public API
          • ORCID Registry
          • Annual Data Files
        • Workflows
          • Journal Articles
          • Employment
          • Peer Review
          • Funder and Grants
          • View More
        • Integration Guide
          • Getting Started with Your Integration
          • Sandbox Testing Server
          • Registering a Member API Client
          • Integration and API FAQ
          • View More
        • API Tutorials
          • Get an Authenticated ORCID iD
          • Read Data on a Record
          • Add and Update Data on an ORCID record
          • Hands On with the ORCID API
          • View More
        • Member Portal
          • Member Portal Organization Admin Guide
          • Member Portal Email Guide
          • Member Portal Beta Program Guide
  • Resources
        • ORCID Community
        • Community Programs
          • Certified Service Providers
          • ORCID API Users Group
          • Historical Task Forces, Working Groups, and Steering Groups
        • Get Involved
          • Community Groups
          • Developers
          • Give Feedback
          • ORCID API Users Group
        • Member Resources
          • ORCID Enabled Systems
          • Publishers Open Letter
          • Funders Open Letter
          • Standard Member Agreement
          • Outreach Resources
          • Register a Sandbox API Client
          • Register a Production API Client
  • News & Events
        • News
          • ORCID News
          • Member News
          • Consortia News
          • Integration News
          • Blog
          • Product Updates
        • Events
          • Events Calendar
          • Webinars
You are here: Home / Documentation / Features / Public API / Sign in option to your system

Sign in option to your system

ORCID sign-in is a core component of most ORCID workflows.

Enabling users to register or sign into your system using their ORCID credentials can save them time and effort; they don’t have to keep track of multiple usernames and passwords, and you immediately obtain an authenticated ORCID iD. At the same time as asking users to sign in, you can request permission to read or update their ORCID record.

ORCID sign-in is similar to social sign-in, for example sign-in using Google or Facebook, as offered on ORCID and other websites, and is often refered to as “single sign on” or “SSO”. You place a ‘sign in with ORCID’ button on your page, users click it, users authenticate themselves, and they are then returned to you with information about their ORCID account, including their name and authenticated ORCID iD.

Individuals sign into their ORCID accounts using their registered email address and password or with linked alternate sign-in credentials – this means that users can sign into ORCID with their federated institutional accounts and/or social accounts. Individuals without an existing ORCID iD can create one as part of the sign in process.

ORCID supports:

  • OAuth 2.0
  • OpenID Connect 1.0
  • Multi-factor authentication

See the API Tutorial ‘Get an Authenticated ORCID iD‘ for more details.

Why should I collect authenticated ORCID iDs?

Collecting validated ORCID iDs for individuals through the OAUTH process is important. Individuals sign into their ORCID accounts using their registered email address and password or they can create a new account and then authorize your system to obtain their ORCID iD. This ensures you get the correct ORCID iD for the researcher and that the information on that record reflects their research activities (see What’s So Special About Signing In). 

What is OpenID?

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It supplements existing OAuth authentication flows and provides information about users to clients in a well described manner.

OpenID connect is a standardised way of implementing OAuth and sharing information about authenticated users. It will now be possible to configure services to use ORCID “out of the box” alongside other standards compliant OpenID connect providers. OpenID connect also provides sharable ID tokens, which are signed objects that can prove a user authenticated using ORCID at a specific time. These tokens can be used by user interface elements to maintain user sessions.

ORCID supports the Basic OpenID Provider conformance profile, which is an extension of the OAuth authorization code flow. ORCID also supports the implicit token flow for the “/authenticate” and “openid” scopes.

This means that ORCID:

  • Embeds signed id tokens within token responses for authorization codes generated with the ‘openid’ scope
  • Supports the implicit flow when using ‘token’ or ‘token id_token’ response_types and the ‘openid’ scope.
  • Supports the ‘prompt’, ‘nonce’ and ‘max_age’ parameters for authorisation requests that include the ‘openid’ scope.
  • Supports Openid Connect discovery and userinfo endpoints
  • Supports the ‘amr’ field for integrators using the member API for authorisation requests that include the ‘openid’ scope. This can be used to discover if a user authenticated using two factor authentication.

Initiating an OpenID Connect authentication works the same way as a regular OAuth authentication. All that is required is that the client request the ‘openid’ scope If you are using the /authenticate scope replace it with openid, as authenticate and openid have the same authorization only one or the other should be used. If you are using any other scopes, add openid to the list of scopes requested. When the openid scope is included, the Registry will return an id_token inside the token response and grant the client permission to access the user info endpoint for that user.

Note that the ‘openid’ scope does not start with a ‘/’ like the other ORCID API scopes. This is because the ‘openid’ scope is not defined by ORCID, but instead defined by the OpenID Connect specification.

See our technical documentation for more information.


Does ORCID support two-factor authentication?

ORCID allows users to enable Two-factor authentication (2FA) on their ORCID account. 2FA is a secondary security check made during the sign-in process. It provides additional confirmation that the user is indeed the person signing into an ORCID account. For more information relating to how this can be configured for users please see our KB article.

OpenID connect integrators using the member API can check to see if the user had signed into their ORCID account with 2FA enabled as part of the OAuth process. This can allow member integrators to grant access to their researchers to higher security systems.

Primary Sidebar

Search

Documentation

Documentation MenuDocumentation Menu
  • Features
    • Public API
      • Sign in option to your system
      • Collecting authenticated iDs
      • Reading ORCID records
      • Searching the registry
    • Member API
      • Access trusted data
      • Writing data to ORCID records
      • Syncing ORCID with your system
    • Member Portal
      • Member Portal Organization Admin Guide
      • Member Portal Email Guide
      • Member Portal Beta Program Guide
    • ORCID Registry
    • Annual Data Files
  • Workflows
    • Journal Articles
    • Books
    • Preprint Servers
    • Peer Review
    • Education
    • Employment
    • Invited Positions and Distinction
    • Membership and Service
    • Research Resources
    • Funder and Grants
    • Repository Systems
    • eTheses and Dissertation
    • Institutional Connect
    • Search and Link Wizards
    • Sharing User Permissions
    • Connecting with Co-Authors
    • Accreditations and qualifications
  • Integration Guide
    • Getting Started with Your Integration
    • Sandbox Testing Server
    • Registering a Public API Client
    • Registering a Member API Client
    • ORCID and Persistent Identifiers
    • Working with Organization Identifiers
    • Sign into ORCID with Institutional Credentials
    • Sign In Using ORCID Credentials
    • Syncronizing with ORCID
    • Working with Bulk Data
    • ORCID Record Schema
    • Troubleshooting
    • User experience display guidelines
    • Customizing the OAuth Experience
    • Vendor Systems
    • Communicating with Users
    • Integration and API FAQ
  • API Tutorials
    • Getting an Authenticated ORCID iD
    • Reading Data on a Record
    • Adding and Updating Data
    • Searching the ORCID Registry
    • Registering a Notification Webhook
    • Hands on with the ORCID API
  • API Technical Resources
    • Tech Tutorials
    • 3.0 Schemas
    • API Error Codes
    • Maven Central
    • ORCID OAuth Java Script Widget
ORCID logo

CC0 The text of this website is published under a CC0 license Images and marks are subject to copyright and trademark protection.

  • About ORCID
  • Privacy Policy
  • Terms of Use
  • Accessibility Statement
  • Contact us
  • Dispute procedures
  • Brand Guidelines