MUNI Unified Login

Instruction: How to Connect a Service to MUNI Unified Login

Technically, the service can be connected using the OpenID Connect (OIDC) protocol, which is an extension of the OAuth2 authorization protocol with authentication and an API to retrieve user information. For detailed information on OpenID Connect, see the specification.

Instructions for Service Connection

Client registration is done in the SP reg application at

Log in with your UČO. If you do not have one, email us.

Go to New service and follow instructions.

Send the application. If any deficiencies are identified, you will receive an email with instructions on how to edit your application. Then repeat the previous steps.

Under the My services tab, note Client ID and Client Secret from the OIDC that you will need to know to set up the OIDC client.

Once your application is approved, the service will be connected in test mode and access will be granted to administrators.

Configure your service (app, library) using the obtained client ID and client secret. Instructions for some of the most common apps and libraries are listed here.

After testing, request moving to a production environment in the SP reg application clicking the Move to Production button and wait for confirmation by email.

Technical Specifications

OpenID Connect (OIDC)


Metadata contains addresses of endpoints and keys (for apps which do not support automatic detection).


Entity ID:
Metadata signing certificate: mu_unified_login.pem
Metadata singing certificate fingerprint: SHA256

Metadata contains addresses of endpoints and keys (for apps which do not support automatic metadata management).

You are running an old browser version. We recommend updating your browser to its latest version.