In this document, you will find a step-by-step guide on how to add or remove OpenID providers in Segura®.
Access path
- In Segura®, on the navigation bar, hover over the Products Menu and select Settings.
- In the side menu, select Authentication > OpenID > Providers.
For the OpenID Connect integration to work correctly with Segura®, the following scopes must be enabled in the Identity Provider (IdP):
- openid
- email
- profile
These scopes are essential for the Segura® platform to correctly identify and authenticate the user.
In more restrictive environments, it may be necessary to request explicit approval of these scopes from the team responsible for SSO management.
Add provider
Only one of the two endpoint sections is mandatory: either fill in OpenID endpoint configuration (the provider's discovery URL) or fill in the fields under URLs of other endpoints. If URLs of other endpoints is left blank, OpenID endpoint configuration becomes mandatory, because it is the only way Segura® can discover the provider's endpoints.
Each provider requires its own values for these fields; whenever more details are needed, check the provider's configuration or documentation for the exact endpoints and identifiers.
- On the Providers report page, click the Add button.
- On the Provider registration screen:
- Type: in the drop-down menu, select the type of OpenID provider to be used.
- Enable: enable or disable the OpenID provider at the time of creation.
- Environment: select the environment in which the OpenID provider will be used.
- Provider Name: name of the provider to be registered.
- Icon (jpg or png – maximum 200kb): upload area for your custom provider icon.
- Client ID: enter the client ID for the connection. This ID is provided by the OpenID provider when registering a new application.
- Client secret: enter the secret from the OpenID authentication provider. This secret is provided by the OpenID provider when registering a new application.
- Preferred username: enter the OpenID attribute (claim) that will be used as the user identifier, such as email.
- Domain or public IP for URL Redirection: enter Segura®'s domain or public IP address. The OpenID provider uses it to redirect the user back to your application after authentication.
- Redirect URL: enter the specific endpoint in your application to which the OpenID provider will redirect the user after authentication. The resulting URL must match exactly the redirect URI registered for the application at the OpenID provider; providers reject authorization requests whose redirect URI does not match.
- Comments: field for adding notes or additional observations about the configuration.
- In the Endpoint configuration section:
- OpenID endpoint configuration: enter the provider's discovery URL, typically the issuer URL followed by /.well-known/openid-configuration. The document served at this URL lists the endpoints needed for OpenID interactions (authorization, token, userinfo and JWKS), so filling in this field automates endpoint discovery.
- In the URLs of other endpoints section:
- Authorization endpoint: enter the URL provided by the OpenID provider, used by the application to send authorization requests.
- Token endpoint: enter the URL provided by the OpenID provider, to which the application sends requests to exchange the authorization code for the ID token and access token.
- Userinfo endpoint: enter the URL provided by the OpenID provider, through which the application can request authenticated user profile information using the access token.
- In the Extra configurations for provider section:
- JWK endpoint (mandatory if it is not in the main openid endpoint): enter the endpoint (JWKS URI) from which the application obtains the OpenID provider's public keys to validate the signature of the ID token (and of the access token, when it is issued as a signed JWT). This field is mandatory if the keys are not advertised in the OpenID configuration endpoint.
- Additional Issuers (separated by commas): enter the list of additional issuer values accepted by the application. Useful when the application needs to support multiple OpenID providers. Every issuer listed here is trusted to authenticate users, so keep the list to issuers you control or explicitly trust.
- In the Authorization configuration by device section:
- Enable Device Authorization: enable or disable device authorization for the OpenID provider.
- Username for device authorization: enter the username for device authorization.
- Password for device authorization: enter the password for device authorization.
- Token endpoint URL: URL of the token endpoint used by the device authorization flow.
- Status check endpoint URL: endpoint for verifying the device authorization status.
- User information endpoint URL: endpoint for verifying user information.
- Click Save.
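The following is an added example, not Segura® code: a pre-flight script that checks, offline, the values you are about to enter in the provider form. It parses a constructed discovery document (the kind served by the OpenID endpoint configuration URL) and maps it onto the Authorization, Token, Userinfo and JWK endpoint fields, confirming that the issuer matches, that the openid, email and profile scopes are advertised, and that every endpoint is HTTPS; it builds the exact redirect URI from the domain and Redirect URL fields; and it checks the ID-token claims that the Client ID, Preferred username and Additional Issuers fields govern. The discovery document, the ID token, the callback path /auth/openid/callback, the client ID and all function names are assumptions made for the example.

```python
"""Pre-flight checks for a new OpenID provider entry.

Added example (not Segura code). The discovery document, ID token, client ID
and callback path below are constructed for illustration; the helper names are
assumptions, not Segura identifiers.
"""
import base64
import json
import time
from urllib.parse import urljoin, urlparse

# Scopes the IdP must enable for Segura, per the documentation above.
REQUIRED_SCOPES = {"openid", "email", "profile"}

# Constructed discovery document, shaped like the JSON served at
# <issuer>/.well-known/openid-configuration (the "OpenID endpoint configuration" field).
DISCOVERY_DOC = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
    "jwks_uri": "https://idp.example.com/oauth2/keys",
    "scopes_supported": ["openid", "email", "profile", "groups"],
    "response_types_supported": ["code", "id_token"],
})


def endpoints_from_discovery(doc_json, expected_issuer):
    """Map a discovery document onto the form's endpoint fields.

    Raises ValueError on an issuer mismatch, a missing required scope, no
    authorization-code flow, a non-HTTPS URL, or a missing jwks_uri (the case
    in which the 'JWK endpoint' field must be filled in by hand).
    """
    doc = json.loads(doc_json)
    if doc.get("issuer") != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r} != {expected_issuer!r}")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        raise ValueError(f"IdP does not advertise required scopes: {sorted(missing)}")
    if "code" not in doc.get("response_types_supported", []):
        raise ValueError("IdP does not support the authorization-code flow")
    fields = {
        "Authorization endpoint": doc.get("authorization_endpoint"),
        "Token endpoint": doc.get("token_endpoint"),
        "Userinfo endpoint": doc.get("userinfo_endpoint"),
        "JWK endpoint": doc.get("jwks_uri"),
    }
    for name, url in fields.items():
        if not url:
            raise ValueError(f"discovery document lacks {name}; fill it in manually")
        if urlparse(url).scheme != "https":
            raise ValueError(f"{name} is not HTTPS: {url}")
    return fields


def redirect_uri(domain_or_ip, redirect_path):
    """Join the 'Domain or public IP for URL Redirection' and 'Redirect URL'
    fields into the exact redirect_uri that must be registered at the IdP."""
    return urljoin(f"https://{domain_or_ip}/", redirect_path.lstrip("/"))


def _b64url_json(segment):
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def check_id_token_claims(id_token, client_id, issuer, additional_issuers=(),
                          username_claim="email", now=None):
    """Check the ID-token claims behind the 'Client ID', 'Preferred username'
    and 'Additional Issuers' fields. Signature verification against the JWK
    endpoint is out of scope here (it needs the IdP keys and a JOSE library)
    and must happen before these checks, never instead of them. Returns the
    value of the configured username claim."""
    header, payload, _signature = id_token.split(".")
    if _b64url_json(header).get("alg", "none").lower() == "none":
        raise ValueError("unsigned token (alg=none) rejected")
    claims = _b64url_json(payload)
    if claims.get("iss") not in {issuer, *additional_issuers}:
        raise ValueError(f"issuer {claims.get('iss')!r} is neither the provider nor an Additional Issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was not issued to this Client ID")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if not claims.get(username_claim):
        raise ValueError(f"no {username_claim!r} claim: check the scopes or the Preferred username field")
    return claims[username_claim]


def constructed_id_token(iss="https://idp.example.com", aud="segura-client-id", exp=2_000_000_000):
    """Build a constructed ID token (header.payload.signature) for the demo;
    the signature segment is a placeholder, so this token is NOT verifiable."""
    header = {"alg": "RS256", "kid": "demo-key"}
    payload = {"iss": iss, "aud": aud, "exp": exp, "sub": "u123",
               "email": "alice@example.com", "preferred_username": "alice"}
    return f"{_b64url(header)}.{_b64url(payload)}.placeholder-signature"


if __name__ == "__main__":
    print(endpoints_from_discovery(DISCOVERY_DOC, "https://idp.example.com"))
    print(redirect_uri("segura.example.com", "/auth/openid/callback"))
    print(check_id_token_claims(constructed_id_token(), "segura-client-id", "https://idp.example.com"))
```

Run it as-is to see the four endpoint values a discovery document yields and the redirect URI to register at the IdP; to use it against a real provider, replace DISCOVERY_DOC with the JSON fetched from the OpenID endpoint configuration URL. The claims check deliberately rejects alg=none and any issuer outside the provider plus the Additional Issuers list, which is why that list should stay short.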
Update provider
To update the information of a previously registered provider, follow the steps below:
- In Segura®, on the navigation bar, hover over the Products Menu and select Settings.
- In the side menu, select Authentication > OpenID > Providers.
- In the Providers report, find the record you want to update, click the Actions button, and select Edit.
- Update the necessary information and click Save.
If the Client secret field is left unchanged, the stored secret is retained.
View provider details
To view provider details, follow the steps below:
- In the Providers report, find the record you want to view, click the Actions button, and select Provider details.
- The Provider registration window will open in view-only mode.
- You can view various details of the registered provider in this window, such as: OpenID endpoint configuration, Authorization Endpoint, Userinfo Endpoint, Redirect URL, Token Endpoint, and Comments.
- To view information individually, click the eye icon next to the text field of each detail.
Delete a provider
- In the Providers report, find the record you want to deactivate, click the Actions button, and select Deactivate.
- In the confirmation modal, click Yes to deactivate the provider.