Integrate a generic OIDC and OAuth Server application

You can configure access to custom OpenID Connect (OIDC) applications by integrating a generic OIDC Server application on Identity as a Service. A Server application is a client application that can communicate securely with Identity as a Service using a client secret in order to obtain access tokens. Tokens are requested directly from and returned to the client application.

Before you begin, complete the following:

•      Identify the attributes that Identity as a Service must contain to establish a connection between Identity as a Service and the OIDC application.

•      Configure the account settings of your application to accept authentication attempts from your Identity as a Service account.

Add generic OIDC server application

1.      Log in to an Identity as a Service account with a role assigned that allows you to configure applications on Identity as a Service.

2.      Click > Security > Applications. The Applications List page appears.

3.      Click Add. The Select an Application Template page appears.

4.      Scroll to OpenID Connect and OAuth Cloud Integrations and click Generic Server Application. The Add Generic Server Application page appears.

5.      Change the Application Name and Application Description to reflect the custom application you are configuring for SSO through Identity as a Service.

6.      Optional. Add a custom application logo, as follows:

a.      Click next to Application Logo. The Upload Logo dialog box appears.

b.      Click to select an image file to upload.

c.      Browse to select your file and click Open. The Upload Logo dialog box displays your selected image.

d.      If required, resize your image.

e.      Click OK.

7.      Select the Authentication Flows that appear to users during login. You must select at least one. For more information on Passkey login, see Manage Passkey/FIDO2 authenticators.

8.      Click Next. The Settings page appears.

9.      Complete the following in the General Settings:

a.      The Client ID is generated when you create the application on Identity as a Service. You cannot modify the Client ID.

b.      Click to copy the Client Secret value. You can then paste the Client Secret value into the required field of your client OIDC application account settings.

Note: You can define your own Client Secret value. However, Entrust recommends that you use the strong secret value provided.

10.  Select the Token / Revocation Endpoint Client Authentication Method from the drop-down list. When using the token or revocation endpoint, clients use this authentication method to authenticate to the Authorization Server.

11.  Select the OIDC Signing Certificate used to connect to the Service Provider.

12.  Optional: Deselect Show Login Redirect URL in My Profile to hide the application from a user's profile.

13.  Enter the Default Resource/Audience Request Value to include this value for the resource or audience parameter for every request to the client application.

14.  In the Authentication Settings, Grant Types Supported is selected by default. Only Client Credentials is supported for Server applications.

15.  Click Submit.

16.  Protect the application with a resource rule.
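The procedure above produces a Client ID, a Client Secret, a Token / Revocation Endpoint Client Authentication Method and an optional Default Resource/Audience Request Value; the Server application then uses the Client Credentials grant to obtain tokens. The following is an added example (not Entrust's code and not part of this page) showing, from the client application's side, how those settings shape the token request. It assumes the token endpoint URL, Client ID and Client Secret are placeholders you replace with your own, and that the drop-down in step 10 offers the standard client_secret_basic and client_secret_post methods; the two `parse_token_response` checks are the minimal ones RFC 6749 section 5.1 allows a client to make.

```python
"""Client Credentials grant from a Server application, with the two standard
token-endpoint client authentication methods (client_secret_basic and
client_secret_post) and an optional resource/audience parameter.

Added example; all endpoint and credential values below are placeholders.
"""
import base64
import json
import urllib.parse
import urllib.request

# Placeholder values (assumed). Replace with the token endpoint from your
# tenant's discovery document and the Client ID / Client Secret shown in
# the application's General Settings.
TOKEN_ENDPOINT = "https://example.invalid/oauth2/token"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"


def build_token_request(client_id, client_secret,
                        auth_method="client_secret_basic",
                        scope=None, resource=None, audience=None):
    """Return (headers, body) for a client_credentials token request.

    auth_method is the client authentication method selected in step 10:
      - client_secret_basic: id and secret travel in an HTTP Basic
        Authorization header (RFC 6749 section 2.3.1).
      - client_secret_post: id and secret are form fields in the body.
    resource / audience, when given, are sent on every request so the
    issued token is scoped to that API (the Default Resource/Audience
    Request Value from step 13).
    """
    if auth_method not in ("client_secret_basic", "client_secret_post"):
        raise ValueError(f"unsupported client authentication method: {auth_method}")

    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    if resource:
        form["resource"] = resource
    if audience:
        form["audience"] = audience

    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    if auth_method == "client_secret_basic":
        # RFC 6749 requires id and secret to be form-urlencoded individually
        # before they are joined with ':' and base64-encoded.
        creds = "{}:{}".format(urllib.parse.quote(client_id, safe=""),
                               urllib.parse.quote(client_secret, safe=""))
        headers["Authorization"] = "Basic " + base64.b64encode(creds.encode()).decode()
    else:
        # The secret is still only ever sent over TLS; it is just carried
        # in the form body instead of a header.
        form["client_id"] = client_id
        form["client_secret"] = client_secret

    body = urllib.parse.urlencode(form).encode()
    return headers, body


def parse_token_response(payload):
    """Validate a token response and return (access_token, expires_in).

    Raises on an OAuth error object or on a response that is not a bearer
    token; a Client Credentials grant issues no refresh token, so none is
    expected here.
    """
    if "error" in payload:
        raise RuntimeError("token endpoint error: {}: {}".format(
            payload["error"], payload.get("error_description", "")))
    if payload.get("token_type", "").lower() != "bearer":
        raise RuntimeError("unexpected token_type in response")
    if "access_token" not in payload:
        raise RuntimeError("no access_token in response")
    return payload["access_token"], int(payload.get("expires_in", 0))


def request_access_token(auth_method="client_secret_basic", **kwargs):
    """POST the request to the token endpoint and return the parsed result.

    This is the only function that touches the network; it is not called
    on import.
    """
    headers, body = build_token_request(CLIENT_ID, CLIENT_SECRET,
                                        auth_method=auth_method, **kwargs)
    req = urllib.request.Request(TOKEN_ENDPOINT, data=body,
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(json.load(resp))


if __name__ == "__main__":
    token, ttl = request_access_token(audience="api://example-resource")
    print("access token obtained, valid for", ttl, "seconds")
```

The choice of authentication method in step 10 must match what the client actually sends: a client configured for client_secret_basic that posts its secret in the body (or vice versa) is rejected at the token endpoint, which is the first thing to check when a Server application cannot obtain a token.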