Create an OAuth configuration

To create an OAuth configuration, follow these steps:

1. In Suite Administration, click the IdM settings tab in the tenant detail page. The system opens the Authentication page for the corresponding organization in the IdM Admin Portal of the suite.
2. From the CONFIGURATIONS section, click the add icon to add one authentication.
3. Select OAUTH as the authentication type from the drop-down list, and then click CREATE.
4. Enter the related OAuth configuration settings. You can get the information from your OpenID identity provider.

| Field | Required | Description |
| --- | --- | --- |
| Display Name | Yes | The display name of this configuration. |
| Shared in same family | No | Share the authentication settings within the same family. The supported values are "false" and "true". |
| Client ID | Yes | The value of Client ID that you get from the OpenID identity provider. |
| Client Secret | Yes | The value of Client Secret that you get from the OpenID identity provider. |
| HTTP Method | Yes | The HTTP method of getting a user's information from the endpoint. The supported values are "GET" and "POST". Caution: By selecting the GET option, you are disabling or bypassing security features, thereby exposing the system to increased security risks. By using this option, you understand and agree to assume all associated risks and hold Micro Focus harmless for the same. |
| IDP URL | Yes | The endpoint or URL path provided by the OpenID Identity Provider. The URL set for "Redirect URL" will be directed to the IDP URL. |
| Redirect URL | Yes | The value of redirect URL of the IDP URL for login. |
| Scope | Yes | The value of scope. For example, "openid email". |
| State Supported | No | Whether to support the State Supported feature. The supported values are "false" and "true". |
| Username Attribute | Yes | The attribute to define a username. |
| User Info Endpoint | No | An OAuth 2.0 Protected Resource that returns Claims about the authenticated end user. For example, /userinfo. |
| Token Endpoint | Yes | The token endpoint of the OpenID identity provider. The Token Endpoint is used to obtain a Token Response. For example, /token. |
| Authentication Endpoint | Yes | The Authorization Endpoint performs authentication of an end user. This is done by sending the user agent to the authorization server's endpoint for authentication and authorization, using request parameters defined by OAuth 2.0 and additional parameters and parameter values defined by OpenID Connect. For example, /authorize. |
| Logout Endpoint | No | The token endpoint where you can end a session. |
| Additional Parameter | No | The additional parameter for authentication. |

5. Click SAVE.

Create a configuration group for OAuth

To create a configuration group for OAuth, follow these steps:

1. After you create an OAuth configuration, from the CONFIGURATION GROUPS section, click the add icon to add an authentication group.
2. In the Name field, enter oauth.
   Note: You must use oauth as the name for the OAuth configuration group. Otherwise, the default login type feature in Suite Administration doesn't work.
3. In the Display Name field, enter a display name for the authentication group.
4. In Authentication Group Type, select Normal.
5. In the Configurations field, select the OAuth authentication configuration that you just created.
   Note: You can add only one OAuth authentication configuration to the OAuth configuration group.
6. Click SAVE.

Example: configure OAuth authentication with Google accounts

To enable OAuth-based Google Sign-In on a SMAX tenant:

1. Use your Google account to log in to Google API Console.
2. Fill out the OAuth consent screen, adding required information such as a product name and support email address.
3. Click + CREATE CREDENTIALS, and then select OAuth client ID.
4. Select Web application as the Application type and specify a name for your OAuth 2.0 client.
5. Add https://<EXTERNAL_ACCESS_HOST>/idm-service/idm/v0/oauth2 as an Authorized redirect URI, and then click CREATE. Note the Client ID and Client Secret after the OAuth client is created; both values are needed when you create an OAuth configuration in Suite Administration. You can also get these values from Google API Console.
6. Log in to Suite Administration, go to Tenants, and select the tenant for which you want to enable OAuth-based Google Sign-In.
7. Click the IdM settings tab in the tenant detail page, and then, from the CONFIGURATIONS section, click the add icon to add one authentication.
8. Select OAUTH as the authentication type, and then click CREATE.
9. Enter the following OAuth configuration settings.

| Field | Description |
| --- | --- |
| Display Name | The display name of this configuration. |
| Client ID | The value of Client ID that you get from step 5 above. |
| Client Secret | The value of Client Secret that you get from step 5 above. |
| IDP URL | https://accounts.google.com |
| Scope | openid profile email |
| User Info Endpoint | https://openidconnect.googleapis.com/v1/userinfo |
| Token Endpoint | https://oauth2.googleapis.com/token |
| Authorization Endpoint | https://accounts.google.com/o/oauth2/v2/auth |
| Logout Endpoint | https://accounts.google.com/Logout |
| Additional Parameter | The additional parameter for authentication. |

10. Click SAVE.
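
A pre-save review of the settings above, written as a Python check. This is an added example, not part of the product or its documentation: the dict representation and the lint_oauth_config name are hypothetical, and the host, client values, HTTP Method, State Supported and Username Attribute in the sample are constructed. It assumes the Redirect URL field holds the Authorized redirect URI from step 5.

```python
from urllib.parse import urljoin, urlsplit

# Field labels come from the tables on this page; holding them in a dict is an
# assumption made for this example, not a product export format.
REQUIRED = ["Display Name", "Client ID", "Client Secret", "HTTP Method", "IDP URL",
            "Redirect URL", "Scope", "Username Attribute", "Token Endpoint",
            "Authorization Endpoint"]
URL_FIELDS = ["IDP URL", "Redirect URL", "User Info Endpoint", "Token Endpoint",
              "Authorization Endpoint", "Logout Endpoint"]

def lint_oauth_config(cfg):
    """Return a sorted list of findings for one OAuth configuration."""
    cfg = dict(cfg)
    if "Authentication Endpoint" in cfg:  # label used in the first table
        cfg.setdefault("Authorization Endpoint", cfg.pop("Authentication Endpoint"))
    findings = [f"missing required field: {name}"
                for name in REQUIRED if not str(cfg.get(name, "")).strip()]
    if str(cfg.get("HTTP Method", "")).upper() == "GET":
        findings.append("HTTP Method is GET: the page's caution applies; use POST")
    if str(cfg.get("State Supported", "false")).lower() != "true":
        findings.append("State Supported is not true: no state value ties the "
                        "redirect back to the login request that started it")
    if "openid" not in str(cfg.get("Scope", "")).split():
        findings.append("Scope lacks 'openid'")
    base = cfg.get("IDP URL", "")
    for name in URL_FIELDS:
        if cfg.get(name):
            # Endpoints may be paths such as /token; resolve them against IDP URL.
            resolved = urljoin(base, cfg[name])
            parts = urlsplit(resolved)
            if parts.scheme != "https" or not parts.netloc:
                findings.append(f"{name} does not resolve to an https URL: {resolved}")
    return sorted(findings)

# Constructed sample: endpoint values from the Google table above; host, client
# values, HTTP Method, State Supported and Username Attribute are placeholders.
GOOGLE = {"Display Name": "Google", "Client ID": "<CLIENT_ID>",
          "Client Secret": "<CLIENT_SECRET>", "HTTP Method": "POST",
          "State Supported": "true", "Username Attribute": "email",
          "IDP URL": "https://accounts.google.com", "Scope": "openid profile email",
          "Redirect URL": "https://smax.example.com/idm-service/idm/v0/oauth2",
          "User Info Endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
          "Token Endpoint": "https://oauth2.googleapis.com/token",
          "Authorization Endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
          "Logout Endpoint": "https://accounts.google.com/Logout"}
WEAK = {**GOOGLE, "HTTP Method": "GET", "State Supported": "false", "Scope": "email",
        "IDP URL": "http://idp.example.com", "Token Endpoint": "/token"}

if __name__ == "__main__":
    print("\n".join(lint_oauth_config(WEAK)))
```

The check treats a missing State Supported value as "false", because the page does not state the default.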
