Professional Documents
Culture Documents
In Suite Administration, click the IdM settings tab in the tenant detail page. The
system opens the Authentication page for the corresponding organization in the IdM
Admin Portal of the suite.
From the CONFIGURATIONS section, click 2018.02/attachments/23201467/23201470.png to
add one authentication.
Select OAUTH as the authentication type from the drop-down list, and then click
CREATE.
Enter the related OAuth configuration settings. You can get the information from
your OpenID identity provider.
View Fullscreen
Field Required Description
Display Name Yes The display name of this configuration.
Shared in same family No Share the authentication settings within the same
family. The supported values are "false" and "true''.
Client ID Yes The value of Client ID that you get from the OpenID identity
provider.
Client Sercet Yes The value of Client Secret that you get from the OpenID
identity provider.
HTTP Method Yes The HTTP method of getting a user's information from the
endpoint. The supported values are "GET" and "POST".
Caution: By selecting The GET option, you are disabling or bypassing security
features, thereby exposing the system to increased security risks. By using this
option, you understand and agree to assume all associated risks and hold Micro
Focus harmless for the same.
IDP URL Yes The endpoint or URL path provided by the OpenID Identity
Provider. The URL set for "Redirect URL" will be directed to the IDP URL.
Redirect URL Yes The value of redirect URL of the IDP URL for login.
Scope Yes The value of scope. For example, "openid email".
State Supported No Whether support the State Supported feature. The supported
values are "false" and "true''.
Username Attribute Yes The attribute to define a username.
User Info Endpoint No An OAuth 2.0 Protected Resource that returns Claims
about the authenticated end user. For example, /userinfo.
Token Endpoint Yes The token endpoint of the OpenID identity provider. The
Token Endpoint is used to obtain a Token Response. For example, /token.
Authentication Endpoint Yes The Authorization Endpoint performs authentication of
an end user. This is done by sending the user agent to the authorization server's
endpoint for authentication and authorization, using request parameters defined by
OAuth 2.0 and additional parameters and parameter values defined by OpenID Connect.
For example, /authorize.
Logout Endpoint No The token endpoint where you can end a session.
Additional Parameter No The additional parameter for authentication.
Click SAVE.
Create a configuration group for OAuth
To create a configuration group for OAuth, follow these steps:
After you create an OAuth configuration, from the CONFIGURATION GROUPS section,
click 2018.02/attachments/23201467/23201470.png to add an authentication group.
In the Name field, enter oauth.
Note: You must use oauth as the name for the OAuth configuration group. Otherwise,
the default login type feature in Suite Administration doesn't work.
In the Display Name field, enter a display name for the authentication group.
In Authentication Group Type, select Normal.
In the Configurations field, select the OAuth authentication configuration that you
just created.
Note: You can add only one OAuth authentication configuration to the OAuth
configuration group.
Click SAVE.
Example: configure OAuth authentication with Google accounts
To enable OAuth-based Google Sign-In on a SMAX tenant:
View Fullscreen
Field Description
Display Name The display name of this configuration.
Client ID The value of Client ID that you get from step 5 above.
Client Secret The value of Client Secret that you get from step 5 above.
IDP URL https://accounts.google.com
Scope openid profile email
User Info Endpoint https://openidconnect.googleapis.com/v1/userinfo
Token Endpoint https://oauth2.googleapis.com/token
Authorization Endpoint https://accounts.google.com/o/oauth2/v2/auth
Logout Endpoint https://accounts.google.com/Logout