How to manage OpenID providers

  • 4 minute(s) read
Prev Next

# How to Manage OpenID Providers

This document provides a step-by-step guide on how to add or remove OpenID providers in Segura®.

Access Path

  1. In Segura®, on the navigation bar, hover over the Product Menu and select Settings.
  2. In the side menu, select Authentication > OpenID > Providers.
Important

For OpenID Connect integration to work properly with Segura®, make sure the following scopes are enabled in the identity provider (IdP):

  • openid
  • email
  • profile

These scopes are essential for Segura® to correctly identify and authenticate the user. In more restrictive environments, you may need to explicitly request these scopes from the team responsible for SSO management.

Add Provider

Info

Be aware that each provider may require specific information. Whenever more details are needed, check the provider's configuration.

  1. On the Providers report page, click the Add button.

  2. In the Provider Registration window:

    1. Type: from the dropdown menu, select the type of OpenID provider to use.
    2. Active: select the OpenID provider status at creation. By default, it is always set to Yes.
    3. Environment: select the environment where the OpenID provider will be used.
    4. Provider name: enter the provider's name.
    5. Icon: upload the provider's icon.
    6. Client ID: enter the client ID for connection. This ID is provided by the OpenID provider when registering a new application.
    7. Client secret: enter the secret from the OpenID authentication provider. This secret is provided by the OpenID provider when registering a new application.
    8. Preferred username: indicate the preferred username.
    9. Domain or public IP for redirect URL: enter the domain or public IP address of Segura®. It is used by the OpenID provider to redirect the user back to your application after authentication.
    10. Redirect URL: enter the specific endpoint in your application to which the OpenID provider will redirect the user after authentication.
    11. Comments: field to add notes or additional observations about the configuration.

  3. In the Endpoint Configuration section:

    1. OpenID endpoint configuration: enter the endpoint that configures OpenID. This is the base URL provided by the OpenID provider. This URL describes the endpoints required for OpenID interactions. This configuration generally automates endpoint discovery.
    Info

    This field is required only if the endpoint URLs fields are not filled in. The user must fill in at least one of the two available fields: OpenID endpoint configuration or the other endpoint URLs. If the other endpoint URLs field is not filled in, it is essential to fill in the OpenID endpoint configuration field to ensure correct service configuration.

  4. In the Other Endpoint URLs section:

    1. Authorization endpoint: enter the URL provided by the OpenID provider, used by the application to send authorization requests.
    2. Token endpoint: enter the URL provided by the OpenID provider, where the application sends requests to exchange the authorization code for an access token.
    3. Userinfo endpoint: enter the URL provided by the OpenID provider, through which the application can request profile information of the authenticated user using the access token.

  5. In the Additional Provider Settings section:

    1. JWK endpoint (required if not available in the OpenID endpoint): enter the endpoint where the application should obtain the OpenID provider's public keys to validate the access token signature. This field is required if these keys are not available in the OpenID configuration endpoint.
    2. Additional issuers (comma-separated): enter the list of additional issuers accepted by the application. Useful when the application needs to support multiple OpenID providers.

  6. In the Device Authorization Configuration section:

    1. Enable device authorization: enables authorization through a specific device.
    2. Username for device authorization: username used for device authentication.
    3. Password for device authorization: password for the username used for device authentication.
    4. Token endpoint URL: URL of the endpoint to generate the token.
    5. Status verification endpoint URL: URL to check the token status.
    6. User info endpoint URL: URL to check the user.

  7. Click Save.

Update Provider

To update the information of a previously registered provider, follow the steps below:

Info

If the client_secret is not changed, the current information will be kept.

  1. In Segura®, on the navigation bar, hover over the Product Menu and select Settings.
  2. In the side menu, select Authentication > OpenID > Providers.
  3. In the Providers report, find the record you want to update, click the Actions button, and select Edit.
  4. Update the necessary information and click Save.

View Provider Details

To view provider details, follow the steps below:

  1. In the Providers report, find the record you want to update, click the Actions button, and select Provider Details.
  2. The Provider Registration window will open in view mode.
  3. You will be able to view various details of the registered provider in this window, such as: OpenID endpoint configuration, Authorization endpoint, Userinfo endpoint, Redirect URL, Token endpoint, and Comments.
  4. To view one detail at a time, click the eye icon next to each detail's text field.

Delete a Provider

  1. In the Providers report, find the record you want to update, click the Actions button, and select Deactivate.
  2. In the confirmation modal, click Yes to deactivate the provider.