Adding Upstream ID Providers
This section describes the procedure to register upstream ID providers.
Registered upstream ID providers can be used to authenticate users.
[ Note ]
After an upstream ID provider is registered, its Issuer identifier cannot be changed. To change the Issuer, delete the upstream ID provider and create a new one.
- Click "System" and then "Upstream ID Provider Management."
- Click "Add New Upstream ID Provider."
Configure the following settings and then click "Add Upstream ID Provider."
| Option | Description | Example Entry | Comments |
| --- | --- | --- | --- |
| Upstream ID provider name | Enter the name of the upstream ID provider here. | Upstream ID Provider 1 | |
| Authentication protocol | The authentication protocol appears here. | | |
| Client ID | Enter the client ID issued by IdP here. | your_client_id | |
| Client secret | Enter the client secret issued by IdP here. | some_secret12345 | |
| Authentication flow | Select the authentication flow here. | Authorization Code Flow | |
| Claim to represent user identifiers | Enter the claim that represents external ID provider user identifiers that are mapped to user IDs. Claims that represent user identifiers are included in ID tokens issued by external ID providers, although they are sometimes retrievable from UserInfo endpoints. | preferred_username, upn* | * upn (user principal name): claim type supported by Azure AD and ADFS |
| Authentication flow | Specify the flow used to retrieve tokens from IdP. Select from the following options: Authorization Code Flow, Implicit Flow | | |
| Request scopes | Define the scope requested of IdP. | openid, profile | |
| Endpoint settings | | | |
| Get data from the Discovery endpoint | Retrieves endpoint settings from IdP Discovery endpoints. | https://server.example.jp/.well-known/openid-configuration | |
| Issuer identifier (issuer) | Enter the issuer identifier in URL format here. | https://server.example.jp | |
| Authorization endpoint (authorization_endpoint) | Enter the URL to the authorization endpoint here. | https://server.example.jp/authorize | |
| Token endpoint (token_endpoint) | Enter the URL to the token endpoint here. | https://server.example.jp/token | |
| URL of the JSON Web Key Set (jwks_uri) | Enter the URL that returns the JSON Web Key Set here. | https://server.example.jp/keys | |
| Userinfo endpoint (userinfo_endpoint) | Enter the URL to the UserInfo endpoint here. | https://server.example.jp/userinfo | |
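
Because the Issuer cannot be changed after registration, it is worth checking the discovery metadata before entering it. The following is an added example, not part of the product or its documentation: it checks a discovery document against the settings listed above. The function name `check_discovery`, the constructed sample document, and the treatment of `userinfo_endpoint` as optional are assumptions.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
OPTIONAL = ("userinfo_endpoint",)

# Constructed sample discovery document; nothing is fetched from a real IdP.
SAMPLE = json.dumps({
    "issuer": "https://server.example.jp",
    "authorization_endpoint": "https://server.example.jp/authorize",
    "token_endpoint": "https://server.example.jp/token",
    "jwks_uri": "https://server.example.jp/keys",
    "userinfo_endpoint": "https://server.example.jp/userinfo",
    "scopes_supported": ["openid", "profile"],
    "claims_supported": ["sub", "preferred_username"],
})


def check_discovery(discovery_url, document, scopes=("openid", "profile"),
                    id_claim="preferred_username"):
    """Return (settings, problems) for discovery metadata given as JSON text."""
    meta = json.loads(document)
    settings = {k: meta.get(k) for k in REQUIRED + OPTIONAL}
    problems = [f"missing {k}" for k in REQUIRED if not settings[k]]
    # OpenID Connect Discovery: the issuer must equal the discovery URL with
    # the well-known suffix removed. The issuer is fixed once registered.
    if not discovery_url.endswith(SUFFIX):
        problems.append("discovery URL lacks the well-known suffix")
    elif settings["issuer"] != discovery_url[:-len(SUFFIX)]:
        problems.append("issuer does not match the discovery URL")
    for key, url in settings.items():
        if url and urlsplit(url).scheme != "https":
            problems.append(f"{key} is not an https URL")
    # scopes_supported and claims_supported are optional metadata, so they
    # are only compared when the IdP advertises them.
    for scope in scopes:
        if "scopes_supported" in meta and scope not in meta["scopes_supported"]:
            problems.append(f"scope {scope} is not advertised")
    if "claims_supported" in meta and id_claim not in meta["claims_supported"]:
        problems.append(f"claim {id_claim} is not advertised")
    return settings, problems


if __name__ == "__main__":
    url = "https://server.example.jp" + SUFFIX
    settings, problems = check_discovery(url, SAMPLE)
    for key, value in settings.items():
        print(f"{key}: {value}")
    print("problems:", problems or "none")
```

An empty problem list means the issuer, endpoints, scopes and identifier claim are consistent with the values to be entered in the form; an "is not advertised" finding is a prompt to confirm with the IdP, since that metadata is optional.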