In the IDaaS administration interface, configure an OIDC Web application with the following settings.

Setting                          Value
Subject Id Attribute             Type the attribute that uniquely identifies each user.
ID Token Signing Algorithm       Select RS256.
Redirect URI(s)                  Paste the value of the Redirect URL setting described below.
Supported Scopes > Email address Check this box.
Require Consent                  Uncheck this box.
User Info Signing Algorithm      Select None. Only the UserInfo response is left unsigned; the ID token is
                                 still signed with RS256 and checked against the JWKS URL configured below.
Claims                           Create a claim named profile and set the name of the group as its value.
                                 This is the attribute the Cryptographic Security Platform reads as the
                                 Required Group Attribute Name.
Authentication decision          Select the second factors you require and make sure users have enrolled
                                 the corresponding authenticators.
Groups                           Create one group and add the users who are allowed to log in.

In the Cryptographic Security Platform console, configure the following settings for an Entrust Identity as a Service (IDaaS) identity provider.

Active

Check this box to enable the identity provider.

Name

Type a provider name to display when logging into the Cryptographic Security Platform console.

Redirect URL

The URL the identity provider redirects the browser to after it successfully authenticates a user. Cryptographic Security Platform generates this value automatically when you click Save. You must:

  1. Copy this value from the Cryptographic Security Platform interface.
  2. Paste this URL into the Redirect URI(s) field of the IDaaS interface.

When the Cryptographic Security Platform host URL changes, the Redirect URL changes with it, and you must:

  1. Re-type the Client Secret and Client ID values in the Cryptographic Security Platform console.
  2. Click Save.
  3. Copy the new Redirect URL value from the Cryptographic Security Platform console.
  4. Paste this URL into the Redirect URI(s) field of the IDaaS interface.

Client Secret

Paste the client secret from the IDaaS OIDC application.

Client ID

Paste the client identifier from the IDaaS OIDC application.

Base IDaaS URL

Paste the account URL of the IDaaS OIDC application.

When you enter this URL, the console fills in the endpoint URLs below (JWKS, authorization, access token, UserInfo and logout). Check the generated values against the endpoints published in your IDaaS account's OpenID Connect discovery document before you save.

Required Group Attribute Name

Type the following attribute name. It must match the name of the claim created in the IDaaS OIDC application.

profile

Required Group Name

Type the name of the group created in the IDaaS OIDC application. The platform grants access only when the profile claim in the ID token carries exactly this value.

JWKS URL

Paste the JSON Web Key Set (JWKS) URL of your identity provider. The platform fetches these public keys to verify the RS256 signature on ID tokens, so the URL must use HTTPS. The example values in this section are taken from an Auth0 tenant (asacm.auth0.com); for IDaaS, use the equivalent endpoints from your account's OpenID Connect discovery document. For example:

https://asacm.auth0.com/.well-known/jwks.json

Authorization Endpoint

Paste the authorization endpoint of your identity provider. For example:

https://asacm.auth0.com/authorize

Access Token Endpoint

Paste the token endpoint of your identity provider. For example:

https://asacm.auth0.com/oauth/token

UserInfo Endpoint

Paste the UserInfo endpoint of your identity provider. For example:

https://asacm.auth0.com/userinfo

Logout Endpoint

Paste the logout URL of your identity provider. For example:

https://asacm.auth0.com/v2/logout
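The settings above fit together at login time: the platform receives an ID token, verifies its RS256 signature with a key from the JWKS URL, checks issuer, audience (the Client ID) and expiry, and then looks for the Required Group Name in the claim named by Required Group Attribute Name (profile). The Go program below is an added example of that gate, not code from Entrust or the Cryptographic Security Platform. It stands in for IDaaS with a constructed key, JWKS document and token; the issuer, client ID, kid, subject and group names are assumptions, and aud is handled as a plain string for brevity.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// jwk is the subset of a JSON Web Key needed to verify an RS256 signature.
type jwk struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

// Policy mirrors the console fields: Base IDaaS URL (issuer), Client ID (audience),
// Required Group Attribute Name and Required Group Name.
type Policy struct{ Issuer, ClientID, GroupAttr, GroupName string }

// MintDemo stands in for IDaaS with constructed sample data (hypothetical kid and sub): it generates
// a signing key, builds the JWKS the JWKS URL would serve, and issues an RS256 ID token carrying group.
func MintDemo(p Policy, group string, exp time.Time) (token string, jwksDoc []byte, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", nil, err
	}
	jwksDoc, _ = json.Marshal(map[string][]jwk{"keys": {{Kty: "RSA", Kid: "demo-key-1",
		N: b64.EncodeToString(priv.N.Bytes()), E: b64.EncodeToString(big.NewInt(int64(priv.E)).Bytes())}}})
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": "demo-key-1"})
	body, _ := json.Marshal(map[string]any{"iss": p.Issuer, "aud": p.ClientID, "sub": "user-42",
		"exp": exp.Unix(), p.GroupAttr: group})
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input)) // JWS signing input is header.payload
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), jwksDoc, err
}

// VerifyIDToken does what the platform must do before granting console access: pin
// alg to RS256, verify the signature with the JWKS key named by kid, check
// iss/aud/exp, and require the group claim to equal the configured group. Returns sub.
func VerifyIDToken(token string, jwksDoc []byte, p Policy, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg, Kid string } // JSON keys match field names case-insensitively
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return "", fmt.Errorf("bad header or unexpected alg %q", hdr.Alg) // rejects "none" and HMAC algs
	}
	var set struct{ Keys []jwk }
	if json.Unmarshal(jwksDoc, &set) != nil {
		return "", fmt.Errorf("unparseable JWKS")
	}
	var key *rsa.PublicKey
	for _, k := range set.Keys {
		if n, err := b64.DecodeString(k.N); err == nil && k.Kty == "RSA" && k.Kid == hdr.Kid {
			e, _ := b64.DecodeString(k.E)
			key = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	if key == nil {
		return "", fmt.Errorf("no RSA key in JWKS matches kid %q", hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(key, crypto.SHA256, digest[:], sig) != nil {
		return "", fmt.Errorf("signature verification failed")
	}
	var claims map[string]any // aud is a plain string here; a real verifier must also accept an array
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &claims) != nil ||
		claims["iss"] != p.Issuer || claims["aud"] != p.ClientID {
		return "", fmt.Errorf("undecodable claims or issuer/audience mismatch")
	}
	if exp, _ := claims["exp"].(float64); now.Unix() >= int64(exp) { // a missing exp counts as expired
		return "", fmt.Errorf("token expired")
	}
	if g, _ := claims[p.GroupAttr].(string); g != p.GroupName {
		return "", fmt.Errorf("user is not in required group %q", p.GroupName)
	}
	sub, _ := claims["sub"].(string)
	return sub, nil
}

func main() {
	p := Policy{Issuer: "https://idaas.example.invalid", ClientID: "csp-console-client", GroupAttr: "profile", GroupName: "CSP Admins"}
	tok, keys, _ := MintDemo(p, "CSP Admins", time.Now().Add(5*time.Minute))
	fmt.Println(VerifyIDToken(tok, keys, p, time.Now()))
}
```

Run it with go run; it prints the subject of a token whose profile claim equals the required group. Change the group passed to MintDemo, hand VerifyIDToken a JWKS from a different key, or swap the header alg to none, and the same function refuses the login; that is the behaviour the Required Group Attribute Name, Required Group Name, JWKS URL and RS256 settings above are meant to produce.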