You can create an IdP via either Cloud Access Management Console or CAM API.
Creating an IdP via Console
1. To create an OIDC IdP, you need to obtain a federation metadata document from the IdP. This document includes the publisher's name, client ID, IdP URL, and the public key to verify the signature received from the IdP.
Note
This document uses Azure Active Directory as an example of an IdP.
3. On the Create Identity Provider page, select the provider type as SAML, configure the provider information, and click Next.
IdP Name: Enter the name of the IdP.
IdP URL: The identifier for the OpenID Connect IdP. This corresponds to the "issuer" field value in the OpenID Connect metadata document provided by the IdP.
Client ID: The client ID registered with the OpenID Connect IdP. This can be obtained from the Azure Active Directory > Enterprise Applications > OIDCSSO Application Overview page.
Public Key for Signature: Public key used to verify the signature of the IdP's ID Token. It corresponds to the content (obtained by visiting the link) linked in the "jwks_uri" field in the OpenID Connect metadata document provided by the IdP. For the security of your account, it is recommended that you rotate the signature public key regularly.
4. Click 'Next' to review the information about the IdP you entered. After confirming that everything is correct, click Complete to create the IdP.
Creating an IdP via API
To create an IdP and upload the metadata document, please invoke the CreateUserOIDCConfig interface.
Was this page helpful?