Configuring OpenID Connect

KeyControl Compliance Manager supports user authentication through an OpenID Connect provider. Once enabled, you will log in using the OIDC provider.

Before You Begin 

The OpenID Connect provider must be configured to accept the KeyControl Compliance Manager URIs for each node of the cluster. The URIs are located in the KeyControl Compliance Manager webGUI for each tenant. The Client ID and Client Secret are located in the OIDC provider. For more information, see External Authentication Providers.

Procedure 

  1. Log into the KeyControl Compliance Manager webGUI with your standard account credentials.

  2. In the side menu bar, select Settings.

  3. Click the Authentication tab.
  4. In the OpenID Connect section, click Configure.
  5. In the Disable Local Authentication dialog box, click Continue.
  6. Enter the following: 

    Field: Description

    Name: A user-defined name for the OpenID Connect provider. KeyControl Compliance Manager displays this name on the button on the login dialogs.

    Client ID: The organizational identity assigned by the OpenID Connect provider when you sign up for the service.

    Client Secret: A cryptographic component used to secure the organization's access to the OpenID Connect provider. Important: This field is write-only. It will never be displayed again after it has been initially created. It can be reentered if necessary.

    Base URL: Enter the base URL. For Entrust IDaaS, the base URL will be: https://<IDaaS server>/api/oidc

    Admin Name: The name of the tenant administrator.

    Admin Email: The email address of the tenant administrator.

  7. Click Apply.
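
The Base URL entered in step 6 can be checked against the provider's discovery metadata before local authentication is disabled. The following is an added example, not Entrust code: it assumes the provider publishes the standard OIDC Discovery document at <Base URL>/.well-known/openid-configuration, and the host idaas.example.com and the endpoint paths in the sample document are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample discovery document for a hypothetical IDaaS host.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idaas.example.com/api/oidc",
  "authorization_endpoint": "https://idaas.example.com/api/oidc/authorize",
  "token_endpoint": "https://idaas.example.com/api/oidc/token",
  "jwks_uri": "https://idaas.example.com/api/oidc/jwks"
}""")

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_base_url(base_url):
    """Return a list of problems with the Base URL value itself."""
    problems = []
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        problems.append("base URL must use https")
    if not parts.hostname:
        problems.append("base URL has no host")
    if parts.username or parts.password:
        problems.append("base URL must not embed credentials")
    if parts.query or parts.fragment:
        problems.append("base URL must not carry a query or fragment")
    return problems


def discovery_url(base_url):
    """Standard OIDC Discovery location relative to the issuer (assumed)."""
    return base_url.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(base_url, doc):
    """Compare a fetched discovery document against the Base URL."""
    problems = check_base_url(base_url)
    # A trailing slash typed into the Base URL field is ignored here.
    if doc.get("issuer", "").rstrip("/") != base_url.rstrip("/"):
        problems.append("issuer does not match base URL")
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if not value:
            problems.append(f"{key} missing")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    return problems
```

Fetch the document from discovery_url(base_url) with any HTTPS client that verifies certificates and pass the parsed JSON to check_discovery; an empty list means no problem was found.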