Example: Configuring Entrust Identity as a Service

The following example shows how to configure Entrust Identity as a Service (IDaaS) to use with KeyControl for External Authentication using Open ID Connect.

  1. Log into Entrust IDaaS with your user name and one time password (OTP).

  2. After you have logged in, click Applications.

  3. Click the + icon to create a new Generic OpenID Connect and OAuth Cloud Integration.

  4. Create a Generic Web Application using the following: 

    • General Settings: 

      • Copy and paste the Client ID and the Client Secret to a safe location. These will be used when configuring OIDC in Entrust CloudControl.

      • Set the Token / Revocation Endpoint Client Authentication Method to Client Secret Post.

      • Set the Login Redirect URIs for all nodes in the cluster to: https://<IP or FQDN of KeyControl node>/v5/oidc/callback

      • Set the Logout Redirect URIs for all nodes in the cluster to: https://<IP or FQDN of KeyControl node>/v5/kc/oidc/logout

    • Authentication Settings: 

      • Check the Require Consent checkbox.

      • Under Grant Types Supported, check the Authorization Code checkbox.

    • Supported Scopes:

      • Select the Your unique identifier checkbox.

      • Select the Email address checkbox.

    Use the default for all other settings.

  5. Add a resource rule for the AD group so that the group and the users in it can access the application.
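As an added example (not from the Entrust documentation or product), the following Python check compares an application definition against the settings in the steps above: a login and logout redirect URI for every KeyControl node, HTTPS only, `client_secret_post`, the authorization code grant, and the two required scopes. The dictionary field names, the node names and the mapping of "Your unique identifier" to the `openid` scope are assumptions; `token_request_body` shows what `client_secret_post` means for the token call.

```python
"""Check an IDaaS generic OIDC application against the KeyControl settings."""
from urllib.parse import urlparse

CALLBACK_PATH = "/v5/oidc/callback"       # Login Redirect URI path from the steps
LOGOUT_PATH = "/v5/kc/oidc/logout"        # Logout Redirect URI path from the steps
# Assumption: "Your unique identifier" = openid, "Email address" = email.
REQUIRED_SCOPES = {"openid", "email"}


def expected_uris(nodes):
    """Return (login, logout) redirect URI sets, one pair per cluster node."""
    login = {f"https://{n}{CALLBACK_PATH}" for n in nodes}
    logout = {f"https://{n}{LOGOUT_PATH}" for n in nodes}
    return login, logout


def check_app(app, nodes):
    """Return a list of findings; an empty list means the app matches the steps."""
    findings = []
    login, logout = expected_uris(nodes)
    for name, want in (("login_redirect_uris", login), ("logout_redirect_uris", logout)):
        have = set(app.get(name, []))
        if want - have:
            findings.append(f"{name}: missing {sorted(want - have)}")
        for uri in have:
            if urlparse(uri).scheme != "https":
                findings.append(f"{name}: {uri} is not https")
    if app.get("token_endpoint_auth_method") != "client_secret_post":
        findings.append("Token / Revocation Endpoint auth method must be client_secret_post")
    if "authorization_code" not in app.get("grant_types", []):
        findings.append("Authorization Code grant type is not enabled")
    if REQUIRED_SCOPES - set(app.get("scopes", [])):
        findings.append(f"scopes missing: {sorted(REQUIRED_SCOPES - set(app.get('scopes', [])))}")
    return findings


def token_request_body(app, code, redirect_uri):
    """With client_secret_post the client credentials go in the POST body,
    not in an HTTP Basic Authorization header."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri,
            "client_id": app["client_id"], "client_secret": app["client_secret"]}


# Constructed sample: two-node cluster, wrong auth method, one logout URI missing.
NODES = ["kc1.example.internal", "kc2.example.internal"]
SAMPLE_APP = {
    "client_id": "example-client-id", "client_secret": "example-client-secret",
    "token_endpoint_auth_method": "client_secret_basic",
    "grant_types": ["authorization_code"], "scopes": ["openid", "email"],
    "login_redirect_uris": [f"https://{n}{CALLBACK_PATH}" for n in NODES],
    "logout_redirect_uris": [f"https://{NODES[0]}{LOGOUT_PATH}"],
}
```

Running `check_app(SAMPLE_APP, NODES)` on the constructed sample reports the missing logout URI for the second node and the wrong client authentication method.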