Example: Configuring Entrust Identity as a Service
The following example configures Entrust Identity as a Service (IDaaS) as the OpenID Connect (OIDC) provider for External Authentication in KeyControl Compliance Manager.
- Log in to Entrust IDaaS with your user name and one-time password (OTP).
- After you have logged in, click Applications.
- Click the + icon to create a new Generic OpenID Connect and OAuth Cloud Integration.
- Create a Generic Web Application using the following settings:
  - General Settings:
    - Copy and paste the Client ID and the Client Secret to a safe location. They are needed when configuring OIDC in KeyControl Compliance Manager; the Client Secret is the credential that authenticates KeyControl to IDaaS, so handle it as you would any other secret.
    - Set the Token / Revocation Endpoint Client Authentication Method to Client Secret Post.
    - Set the Login Redirect URIs for all nodes in the cluster to:
      https://<IP or FQDN of KeyControl Compliance Manager node>/hytrust-authentication-rest/api/v2/login/<tenant>
      The URIs are shown in the KeyControl Compliance Manager webGUI for each tenant.
    - Set the Logout Redirect URIs for all nodes in the cluster to:
      https://<IP or FQDN of KeyControl Compliance Manager node>/hytrust-authentication-rest/api/v2/sso/logout/<tenant>
      The URIs are shown in the KeyControl Compliance Manager webGUI for each tenant.
      Important: OIDC matches redirect URIs as exact strings, so only the host form you register works. If you use an IP address in the login and logout URIs, you can only log in to your KeyControl Compliance Manager tenant using that IP address. If you use the FQDN in the login and logout URIs, you can only log in to your KeyControl Compliance Manager tenant using the FQDN.
  - Authentication Settings:
    - Check the Require Consent checkbox.
    - Under Grant Types Supported, check the Authorization Code checkbox.
  - Supported Scopes:
    - Select the Your unique identifier checkbox.
    - Select the Email address checkbox.
    - Use the default for all other settings.
- Add a resource rule for the AD group so that the group and the users in it can access the application.
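The following Python script is an added example; it is not part of the Entrust documentation and not Entrust's code. It derives the login and logout redirect URIs for every cluster node and tenant from the path templates in the procedure above, checks a constructed IDaaS application definition against the required settings, shows why the IP-versus-FQDN note holds (redirect URIs are compared as exact strings), and shows what Client Secret Post means for the token request KeyControl makes. The hostnames, tenant name, client ID and secret, and the dict layout are assumptions for illustration; mapping the "Your unique identifier" checkbox to the standard openid scope is also an assumption.

```python
"""Added example (not from the Entrust documentation): derive the redirect URIs
that KeyControl Compliance Manager needs IDaaS to have registered, and check an
IDaaS application definition against the settings in the procedure above.
Hostnames, tenant names and the application dict are constructed for the example."""
from urllib.parse import urlencode

# Path templates as given in the procedure; {tenant} is the KeyControl tenant name.
LOGIN_PATH = "/hytrust-authentication-rest/api/v2/login/{tenant}"
LOGOUT_PATH = "/hytrust-authentication-rest/api/v2/sso/logout/{tenant}"


def expected_redirect_uris(nodes, tenants):
    """Return (login_uris, logout_uris): one URI per cluster node per tenant.

    Every node needs its own entry because IDaaS redirects the browser back to
    whichever node started the login, and OIDC requires the redirect_uri sent
    in the authorization request to match a registered value exactly."""
    login = {f"https://{n}{LOGIN_PATH.format(tenant=t)}" for n in nodes for t in tenants}
    logout = {f"https://{n}{LOGOUT_PATH.format(tenant=t)}" for n in nodes for t in tenants}
    return login, logout


def check_app_settings(app, nodes, tenants):
    """Compare an IDaaS application definition (a plain dict, constructed here)
    with the settings the procedure requires. Returns a list of findings;
    an empty list means the definition matches."""
    findings = []
    if app.get("token_endpoint_auth_method") != "client_secret_post":
        findings.append("client authentication method must be client_secret_post")
    if "authorization_code" not in app.get("grant_types", ()):
        findings.append("authorization_code grant type must be enabled")
    # Assumption: the 'Your unique identifier' checkbox corresponds to the
    # standard openid scope (sub claim) and 'Email address' to the email scope.
    for scope in ("openid", "email"):
        if scope not in app.get("scopes", ()):
            findings.append(f"scope '{scope}' must be enabled")
    want_login, want_logout = expected_redirect_uris(nodes, tenants)
    for uri in sorted(want_login - set(app.get("login_redirect_uris", ()))):
        findings.append(f"missing login redirect URI: {uri}")
    for uri in sorted(want_logout - set(app.get("logout_redirect_uris", ()))):
        findings.append(f"missing logout redirect URI: {uri}")
    return findings


def login_allowed_from(app, host, tenant):
    """True only if the URI KeyControl will send for this host is registered.

    This is the 'Important' note in the procedure: registering the FQDN form
    does not cover the IP form (or vice versa), because matching is by exact
    string comparison."""
    uri = f"https://{host}{LOGIN_PATH.format(tenant=tenant)}"
    return uri in set(app.get("login_redirect_uris", ()))


def token_request_body(app, code, redirect_uri):
    """Form body the client sends to the token endpoint under client_secret_post:
    client_id and client_secret travel in the POST body rather than in an HTTP
    Basic Authorization header (which is what client_secret_basic would use)."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": app["client_id"],
        "client_secret": app["client_secret"],
    })


# Constructed sample: a two-node cluster with one tenant, registered by FQDN only.
NODES = ["kcm1.example.internal", "kcm2.example.internal"]
TENANTS = ["acme"]
LOGIN_URIS, LOGOUT_URIS = expected_redirect_uris(NODES, TENANTS)
SAMPLE_APP = {
    "client_id": "example-client-id",          # constructed value
    "client_secret": "example-client-secret",  # constructed value
    "token_endpoint_auth_method": "client_secret_post",
    "grant_types": ["authorization_code"],
    "scopes": ["openid", "email"],
    "login_redirect_uris": sorted(LOGIN_URIS),
    "logout_redirect_uris": sorted(LOGOUT_URIS),
}

if __name__ == "__main__":
    for finding in check_app_settings(SAMPLE_APP, NODES, TENANTS) or ["settings match"]:
        print(finding)
    print("login via FQDN:", login_allowed_from(SAMPLE_APP, NODES[0], "acme"))
    print("login via IP:  ", login_allowed_from(SAMPLE_APP, "10.0.0.11", "acme"))
```

Run it as-is to see the sample definition pass and the IP-address login fail; change `token_endpoint_auth_method` or drop one node's URI from `login_redirect_uris` to see the corresponding findings. Because the client secret is sent in the request body, the token endpoint must be reached over TLS and the secret must not be logged on either side.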