docs/hub/guides/oidc.md
Lines changed: 35 additions & 1 deletion
@@ -18,4 +18,38 @@ You will need to provide:
18
18
19
19
## Signing In
20
20
21
-
Once an OIDC provider is configured, any user can try to sign in using that provider. A stub account will then be created within the system with no roles assigned. The administrator can then assign hub roles to that account. When the user signs back in they will have the assigned roles and feature access.
21
+
Once an OIDC provider is configured, any user can try to sign in using that provider. A stub account will then be created within the system with no roles assigned. The administrator can then assign hub roles to that account. When the user signs back in they will have the assigned roles and feature access.
22
+
23
+
24
+
# Example - Azure Entra
25
+
26
+
## Configure OIDC Application in Azure Entra
27
+
Use Azure portal to create a new app registration:
28
+
- App registrations > New Registration
29
+
- Name e.g.: Certify Management Hub (Production)
30
+
- Select account scope, generally Accounts in this organization directory only
- Under *Certificates & secrets* configure a new Client secret, note the Applicaiton ID and Client Secret values. Secretes expire, so keep this in mind if auth fails in the future.
35
+
36
+
## Setup OIDC provider in Certify Management Hub
37
+
38
+
- Navigate to *Settings > Security > OpenID Connect (OIDC)*
39
+
- Select *Add OIDC Provider*
40
+
- General > Set a name for the provider, users will see this on the Sign In page and use it to select the provider as an option.
41
+
- Configuration :
42
+
- Authority URL which includes your tenant ID e.g. https://login.microsoftonline.com/abcd123-768f-4006-8891-0c85aecd9fd9
43
+
- Client ID (Application ID) and Client Secret, this is used to authenticate the confirmation code passed back by Entra after it has authenticated a user.
44
+
- Redirect URI, which is the page on the hub to redirect to once Entra has completed its auth, the host/port of the URL varies depending on your hub configuration e.g. `https://hub.yourcompany.com:8443/authentication/login-callback`
45
+
- Scopes: `openid profile email` - these determine what info is accessible about the user
46
+
- Advanced:
47
+
- Response Type: *code* (default, so that a code will be passed back to the Redirect URI as part of the query string)
48
+
- Response Mode: *form_post* (default).
49
+
50
+
## Sign In with your OIDC Provider
51
+
- Reload the Hub UI and select the OIDC provider to sign in with, complete sign in as normal
52
+
- Initially your account will have no roles:
53
+
- Sign out of the hub and Sign In as Admin, assign a role to your account under Settings > Security > [Your new account] (people +) > e.g. Hub View (which has read only permissions), Administrator or Certificate Manager, then sign out.
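Review bot: the Azure Entra app-registration steps ("App registrations > New Registration" through "Certificates & secrets") never register the Redirect URI on the Entra side, yet the hub-side step later requires one (`https://hub.yourcompany.com:8443/authentication/login-callback`); Entra refuses the authorization request unless that exact URL is listed under the app registration's Authentication > Redirect URIs, so add a bullet for it next to the client-secret step. Two related accuracy points in the "Configuration" and "Advanced" bullets: the secret authenticates the hub (the client) when it exchanges the *authorization* code at the token endpoint, so "confirmation code" should read "authorization code"; and "code will be passed back to the Redirect URI as part of the query string" contradicts the next bullet's default of Response Mode *form_post*, under which the code arrives in the body of a POST to the callback, not in the query string (the query-string behaviour is response_mode *query*). Typos in the secret bullet: "Applicaiton ID" and "Secretes expire". The example Authority URL's tenant ID `abcd123-768f-...` is not a well-formed GUID (the first group has seven hex characters, not eight), which will trip readers who copy the pattern. Finally, since the Signing In paragraph says any user of the provider can sign in and gets a stub account, it is worth a sentence that the tenant owner can limit who reaches the hub at all by enabling "Assignment required" on the corresponding Enterprise application in Entra, rather than relying solely on hub roles being empty by default.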