Skip to content

Configuring settings

Prerequisite

As a prerequisite, authorization must be carried out through the operating system.

  1. Open the User management module.
  2. Select the Synchronization tab in the menu bar and then select the Account policies button.
  3. In the Authorization tab, select either Authorization via operating system or Authorization by operating system and access management and confirm with OK.

Configuring the OIDC binding

  1. Open the User management module.
  2. Select the Synchronization tab in the menu bar and then select the Configuration button in the OIDC binding section.

  3. The OIDC binding dialog is opened.

    • If there are no binding configurations defined, the New configuration page in the OIDC binding dialog appears:

      Figure: OIDC binding dialog, New configuration page

    • If one or more configurations already exist, the Edit configuration page is opened with the last created configuration. The other configurations and a button for creating a new configuration are listed on the left-hand side of the dialog in a navigation bar. Select the New button to create a new configuration.

      Figure: OIDC binding dialog, multiple configurations

To make settings for an OIDC OAuth2 configuration, proceed as follows:

  1. On the New configuration page, enter a valid name for the new configuration and click the Add button. You can change the display name of a configuration at any time.

  2. The Edit configuration page is opened.

    Figure: OIDC binding dialog, Edit configuration page

  3. Edit the fields according to the descriptions below.

  4. Select the Save* button to save the visible configuration.

To discard unsaved changes to the visible configuration, select the Reset button.

You can exit the OIDC binding dialog using the OK button.

If there are changes to a configuration that you have not yet saved, this is displayed in a message before exiting the dialog. The configuration in which there are unsaved changes is indicated by a * next to the display name in the navigation bar.

  • Select the Save All button to save all changes and exit the OIDC binding dialog.
  • Select the Discard button to cancel saving and exit the OIDC binding dialog.

Field descriptions

The following is a listing of the fields and their descriptions:

Field Description
Display name Name used to describe this configuration. Displayed in the left list of configurations.
Client ID Client identifier as configured in the OpenID Connect service provider. This is a required field.
Client secret Client secret as configured in the OpenID Connect service provider
Icon Icon to show on the client login screen
Discovery url If this is non-blank and set to {issuer_url}/.well-known/openid-configuration it will automatically set up the provider. No other urls are required for this configuration.
User info url URL to the endpoint that provides the user information.
Issuer url URL that points to the OpenID Connect provider (for example, https://example.com/auth/realms/your-realm)
Auth url URL to the endpoint that authorizes the end user.
Token url URL to the endpoint that provides an Access Token.
JWKS url URL to the endpoint where the Token signer publishes its keys.
Use PKCE Check to enable Proof Key for Code Exchange
Scopes Comma separated list of scopes to request.
Redirect url octoplant URL to redirect the user after successful login. This field appears at the bottom of the Edit Configuration dialog page when an existing configuration is edited. It includes a copy button (Redirect Copy Button) to the right of the field.

Deleting a configuration