Adding Upstream ID Providers

This section describes the procedure to register upstream ID providers.

Registered upstream ID providers can be used to authenticate users.

[ Note ]

After an upstream ID provider is registered, its Issuer identifier cannot be changed. To change the Issuer, delete the upstream ID provider and create a new one.

  1. Click "System" and then "Upstream ID Provider Management."


  2. Click "Add New Upstream ID Provider."


  3. Configure the following settings and then click "Add Upstream ID Provider."

    | Option | Description | Example Entry | Comments |
    |---|---|---|---|
    | Upstream ID provider name | Enter the name of the upstream ID provider here. | Upstream ID Provider 1 | |
    | Authentication protocol | The authentication protocol appears here. | | |
    | Client ID | Enter the client ID issued by IdP here. | your_client_id | |
    | Client secret | Enter the client secret issued by IdP here. | some_secret12345 | |
    | Authentication flow | Select the authentication flow here. | Authorization Code Flow | |
    | Claim to represent user identifiers | Enter the claim that represents external ID provider user identifiers that are mapped to user IDs. Claims that represent user identifiers are included in ID tokens issued by external ID providers, although they are sometimes retrievable from UserInfo endpoints. | preferred_username, email, upn* | * upn (user principal name): claim type supported by Azure AD and ADFS |
    | Authentication flow | Specify the flow used to retrieve tokens from IdP. Select from the following options: Authorization Code Flow, Implicit Flow | | |
    | Request scopes | Define the scope requested of IdP. | openid, profile, email | |
    | Endpoint settings | | | |
    | Get data from the Discovery endpoint | Retrieves endpoint settings from IdP Discovery endpoints. | https://server.example.jp/.well-known/openid-configuration | |
    | Issuer identifier (issuer) | Enter the issuer identifier in URL format here. | https://server.example.jp | |
    | Authorization endpoint (authorization_endpoint) | Enter the URL to the authorization endpoint here. | https://server.example.jp/authorize | |
    | Token endpoint (token_endpoint) | Enter the URL to the token endpoint here. | https://server.example.jp/token | |
    | URL of the JSON Web Key Set (jwks_uri) | Enter the URL that returns the JSON Web Key Set here. | https://server.example.jp/keys | |
    | Userinfo endpoint (userinfo_endpoint) | Enter the URL to the UserInfo endpoint here. | https://server.example.jp/userinfo | |
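
Because the Issuer identifier cannot be changed after registration, it is worth checking the discovery document against the values you plan to enter in step 3 first. The following is an added example, not part of the original documentation or the product: `check_discovery`, `BASE` and `SAMPLE_DOC` are hypothetical names, and the sample document is constructed from the example URLs in the table.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# response_type values the IdP must advertise for each flow in the settings table
FLOW_RESPONSE_TYPES = {"Authorization Code Flow": {"code"},
                       "Implicit Flow": {"id_token", "id_token token"}}

def check_discovery(discovery_url, doc, flow, scopes, id_claim):
    """Return a list of problems found in a parsed discovery document."""
    problems = []
    # OpenID Connect Discovery: the issuer must be the discovery URL minus the suffix.
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end with " + WELL_KNOWN)
    else:
        expected = discovery_url[: -len(WELL_KNOWN)]
        issuer = doc.get("issuer", "")
        if issuer not in (expected, expected + "/"):  # a trailing "/" is stripped before the suffix
            problems.append(f"issuer {issuer!r} does not match {expected!r}")
    required = ["authorization_endpoint", "jwks_uri"]
    if flow == "Authorization Code Flow":
        required.append("token_endpoint")  # a pure Implicit Flow never calls it
    for field in required + ["userinfo_endpoint"]:
        url = doc.get(field)
        if url is None:
            if field in required:
                problems.append(f"{field} is missing")
        elif urlsplit(url).scheme != "https":
            problems.append(f"{field} is not https: {url}")
    # Response types are space-separated sets, so normalise the word order.
    offered = {" ".join(sorted(rt.split())) for rt in doc.get("response_types_supported", [])}
    if not FLOW_RESPONSE_TYPES[flow] & offered:
        problems.append(f"{flow} is not advertised in response_types_supported")
    # scopes_supported and claims_supported are optional: check only if present.
    missing = [s for s in scopes if s not in doc.get("scopes_supported", scopes)]
    problems += [f"scope {s!r} is not advertised" for s in missing]
    if id_claim not in doc.get("claims_supported", [id_claim]):
        problems.append(f"claim {id_claim!r} is not advertised")
    return problems

# Constructed sample document (not a real IdP), built from the table's example URLs.
BASE = "https://server.example.jp"
SAMPLE_DOC = {
    "issuer": BASE, "jwks_uri": BASE + "/keys",
    "authorization_endpoint": BASE + "/authorize", "token_endpoint": BASE + "/token",
    "userinfo_endpoint": BASE + "/userinfo", "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile", "email"],
    "claims_supported": ["sub", "preferred_username", "email"],
}
print(check_discovery(BASE + WELL_KNOWN, SAMPLE_DOC, "Authorization Code Flow", ["openid"], "upn"))
```

An empty list means the document is consistent with the chosen flow, scopes and identifier claim; the sample call reports that `upn` is not advertised by the constructed IdP.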