Adding Upstream ID Providers

This section describes the procedure to register upstream ID providers.

Registered upstream ID providers can be used to authenticate users.

[ Note ]

After an upstream ID provider is registered, its Issuer identifier cannot be changed. To change the Issuer, delete the upstream ID provider and create a new one.

  1. Click "System" and then "Upstream ID Provider Management."


  2. Click "Add New Upstream ID Provider."


  3. Configure the following settings and then click "Add Upstream ID Provider."

    | Option | Description | Example Entry | Comments |
    |---|---|---|---|
    | Upstream ID provider name | Enter the name of the upstream ID provider here. | Upstream ID Provider 1 | |
    | Authentication protocol | The authentication protocol appears here. | | |
    | Client ID | Enter the client ID issued by the IdP here. | your_client_id | |
    | Client secret | Enter the client secret issued by the IdP here. | some_secret12345 | |
    | Authentication flow | Select the authentication flow here. | Authorization Code Flow | |
    | Claim to represent user identifiers | Enter the claim that represents external ID provider user identifiers that are mapped to user IDs. Claims that represent user identifiers are included in ID tokens issued by external ID providers, although they are sometimes retrievable from UserInfo endpoints. | preferred_username, email, upn* | * upn (user principal name): claim type supported by Azure AD and ADFS |
    | Authentication flow | Specify the flow used to retrieve tokens from the IdP. | | Select from the following options: Authorization Code Flow, Implicit Flow |
    | Request scopes | Define the scopes requested from the IdP. | openid, profile, email | |
    | Endpoint settings | | | |
    | Get data from the Discovery endpoint | Retrieves endpoint settings from IdP Discovery endpoints. | https://server.example.jp/.well-known/openid-configuration | |
    | Issuer identifier (issuer) | Enter the issuer identifier in URL format here. | https://server.example.jp | |
    | Authorization endpoint (authorization_endpoint) | Enter the URL to the authorization endpoint here. | https://server.example.jp/authorize | |
    | Token endpoint (token_endpoint) | Enter the URL to the token endpoint here. | https://server.example.jp/token | |
    | URL of the JSON Web Key Set (jwks_uri) | Enter the URL that returns the JSON Web Key Set here. | https://server.example.jp/keys | |
    | Userinfo endpoint (userinfo_endpoint) | Enter the URL to the UserInfo endpoint here. | https://server.example.jp/userinfo | |
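Because the Issuer cannot be changed after registration, it is worth checking the IdP's discovery document against the planned settings before clicking "Add Upstream ID Provider." The following is an added example, not code from this product: `check_discovery` and the sample documents are constructed for illustration, and the checks follow the OpenID Connect Discovery metadata rules.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint")
# response_type values that correspond to each flow offered on the settings screen
FLOW_RESPONSE_TYPES = {
    "Authorization Code Flow": [{"code"}],
    "Implicit Flow": [{"id_token"}, {"id_token", "token"}],
}

def check_discovery(discovery_url, doc, flow, scopes, id_claim):
    """Return a list of mismatches between a discovery document and planned settings."""
    problems = []
    # OpenID Connect Discovery: issuer must equal the discovery URL minus the suffix.
    if (not discovery_url.endswith(WELL_KNOWN)
            or doc.get("issuer") != discovery_url[:-len(WELL_KNOWN)]):
        problems.append("issuer does not match the discovery URL")
    # userinfo_endpoint is only recommended; token_endpoint is unused by Implicit Flow.
    optional = {"userinfo_endpoint"} | ({"token_endpoint"} if flow == "Implicit Flow" else set())
    for field in URL_FIELDS:
        if field not in doc and field in optional:
            continue
        url = urlsplit(doc.get(field, ""))
        if url.scheme != "https" or not url.netloc or url.fragment:
            problems.append(f"{field} is missing or not an https URL")
    offered = [set(rt.split()) for rt in doc.get("response_types_supported", [])]
    if not any(rt in offered for rt in FLOW_RESPONSE_TYPES[flow]):
        problems.append(f"no response type advertised for {flow}")
    # scopes_supported and claims_supported are optional metadata: check only if present.
    missing = set(scopes) - set(doc.get("scopes_supported", scopes))
    if missing:
        problems.append(f"scopes not advertised: {sorted(missing)}")
    if id_claim not in doc.get("claims_supported", [id_claim]):
        problems.append(f"claim {id_claim} not advertised")
    return problems

# Constructed sample documents built from the example URLs in the settings above.
BASE = "https://server.example.jp"
GOOD = {"issuer": BASE, "authorization_endpoint": BASE + "/authorize",
        "token_endpoint": BASE + "/token", "jwks_uri": BASE + "/keys",
        "userinfo_endpoint": BASE + "/userinfo",
        "response_types_supported": ["code", "id_token token"],
        "scopes_supported": ["openid", "profile", "email"],
        "claims_supported": ["sub", "preferred_username", "email"]}
BAD = dict(GOOD, issuer=BASE + "/", token_endpoint="http://server.example.jp/token",
           response_types_supported=["id_token"])

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(BASE + WELL_KNOWN, doc, "Authorization Code Flow",
                                    ["openid", "profile", "email"], "upn"))
```

An empty list means the discovery document is consistent with the chosen flow, scopes and identifier claim; each string in a non-empty list names one setting to resolve with the IdP operator before registering.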