Integrate a generic OIDC and OAuth Server application

You can configure access to custom OpenID Connect (OIDC) applications by integrating a generic OIDC Server application on Identity as a Service. A Server application is a client application that can communicate security with Identity as a Service using a client secret in order to obtain access tokens. Tokens are requested directly from and returned to the client application.

● Identify the attributes that Identity as a Service must contain to establish a connection between Identity as a Service and the OIDC application.

● Configure the account settings of your application to accept authentication attempts from your Identity as a Service account.

Step 1: Add a generic Server application and configure the General settings

1. Log in to an Identity as a Service account with a role assigned that allows you to configure applications on Identity as a Service.

2. Click > Security > Applications. The Applications List page appears.

3. Click Add. The Select an Application Template page appears.

4. Do one of the following:

● Select OpenID Connect and OAuth Cloud Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.

- or -

● In the Search bar, enter a search option to filter for the application you want to add to IDaaS.

5. Click Generic Server Application. The Add Generic Server Application page appears.

6. Configure the following App Settings:

a. Enter the Application Name.

b. Enter the Application Description.

7. Configure the OIDC Settings.

a. The Grant Types are configured by default.

b. The Client ID is generated when you create the application on Identity as a Service. You cannot modify the Client ID.

c. Select the Token / Revocation Endpoint Client Authentication Method from the drop-down list. When using the token or revocation endpoint, clients use this authentication method to authenticate to the Authorization Server.

d. Copy the Client Secret value. You can then paste the Client Secret value into the required field of your client OIDC application account settings.

Note: You can define your own Client Secret value. However, Entrust recommends that you use the strong secret value provided. You can also optionally view or regenerate a new client secret.

e. Select the OIDC Signing Certificate used to connect to the Service Provider.

8. Click Show Advanced Settings to configure advanced settings.

a. Enter the Default Resource/Audience Request Value to include this value as the resource or audience parameter for every authorization request.

9. Click Save.

Note: After configuring the General settings, Claims, Customization and Resource Rule tabs appear.

10. Proceed to Step 2: Configure Customizations.

Step 2: Configure Customizations

1. Click the Customization tab. The Customization page appears.

2. Optional. Add a custom application logo, as follows:

a. Click next to Application Logo. The Upload Logo dialog box appears.

b. Click to select an image file to upload.

c. Browse to select your file and click Open. The Upload Logo dialog box displays your selected image.

d. If required, resize your image.

e. Click OK.

3. Select the Authentication Flow that appears to users during login. You must select at least one. For more information on Passkey log in, see Manage Passkey/FIDO2 authenticators.

4. Click Save.

5. Proceed to Step 3: Configure a resource rule.

Integrate a generic OIDC and OAuth Server application

Step 1: Add a generic Server application and configure the General settings

Step 2: Configure Customizations

Step 4: Configure a resource rule

Step 5: Optionally, add a resource server