Example: Configuring Entrust Identity as a Service to use with Entrust CloudControl

The following example is configuring Entrust Identity as a Service (IDaaS) to use with CloudControl for External Authentication using Open ID Connect.

1. Log into Entrust IDaaS with your user name and one time password (OTP).

2. After you have logged in, click Applications.

3. Click the + icon to create a new Generic OpenID Connect and OAuth Cloud Integration.

4. Create a Generic Web Application using the following: 

   • General Settings: 

     • Copy and paste the Client ID and the Client Secret to a safe location. These will be used when configuring OIDC in Entrust CloudControl.

     • Set the Token / Revocation Endpoint Client Authentication Method to Client Secret Post.

     • Set the Login Redirect URI(s) to https:// <Entrust CloudControl VIP> / asc/api/rest/v1/login

     • Set the Logout Redirect URI(s) to https:// <Entrust CloudControl VIP> / asc/api/rest/v1/sso/logout

   • Authentication Settings: 

     • Check the Require Consent checkbox.

     • Under Grant Types Supported, check the Authorization Code checkbox.

   • Supported Scopes

     • Select the Your unique identifier checkbox.

     • Select the Email address checkbox.

   Use the default for all other settings.

5. Add a resource rule to the AD Group so that the AD group and users from that AD group can access the application.