Audience: Application Admins
Content Summary: Immuta integrates with your enterprise OpenID Connect provider. Immuta can use your OpenID Connect provider for authentication while maintaining all user information (attributes and groups) within Immuta's built-in identity manager.
The OpenID Connect identity manager is configured in the Identity and Access Management section of the App Settings page. When prompted, select OpenID as the type.
Before adding an OpenID Connect identity manager in Immuta, a client application must first be registered with the OpenID provider. Registering the client application requires the redirect URL for your Immuta instance, which is displayed on the App Settings page when adding the OpenID IAM.
If prompted for client application type, choose web.
The three key pieces of information that are required to configure the OpenID identity manager in Immuta are:
- Client ID
- Client secret
- Discover URL, sometimes referred to as Issuer URI or OpenID Connect metadata document.
These values are maintained by the OpenID provider, and as such must be obtained from there.
After following the steps to add a new OpenID IAM from the Identity and Access Management section of the App Settings page, fill in the details from Provider Configuration as specified below.
Enter the Client ID, Client Secret, and Discover URL in the form fields.
If the OpenID provider does not support the discover URL, it may be necessary to provide Authorization Endpoint, Issuer, Token Endpoint, JWKS Uri, and Supported ID Token Signing Algorithms instead.
Follow the remaining steps from the OpenID IAM section of the App Settings page to test and save the OpenID IAM configuration.
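The Discover URL points at a JSON metadata document whose keys correspond to the manual fields named above. The following is an added example, not Immuta code: it maps such a document to those fields and reviews it before the values are entered. The sample document, the `idp.example.com` host, the function name `manual_fields`, and the choice of checks (issuer match, HTTPS endpoints, no `none` algorithm) are assumptions of this example.

```python
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
# Manual form fields named on this page -> OpenID Connect Discovery 1.0 metadata keys.
FIELD_MAP = {
    "Issuer": "issuer",
    "Authorization Endpoint": "authorization_endpoint",
    "Token Endpoint": "token_endpoint",
    "JWKS Uri": "jwks_uri",
    "Supported ID Token Signing Algorithms": "id_token_signing_alg_values_supported",
}

def manual_fields(discover_url, document):
    """Map a discovery document to the manual fields; return (fields, problems)."""
    meta = json.loads(document)
    fields = {label: meta.get(key) for label, key in FIELD_MAP.items()}
    problems = [f"missing {key}" for key in FIELD_MAP.values() if key not in meta]
    # Discovery 1.0: issuer must equal the discover URL without the well-known suffix.
    expected = discover_url[:-len(WELL_KNOWN)] if discover_url.endswith(WELL_KNOWN) else discover_url
    if (fields["Issuer"] or "").rstrip("/") != expected.rstrip("/"):
        problems.append("issuer does not match discover URL")
    # Every endpoint the client will contact should be served over TLS.
    for label in ("Issuer", "Authorization Endpoint", "Token Endpoint", "JWKS Uri"):
        if fields[label] and urlparse(fields[label]).scheme != "https":
            problems.append(f"{label} is not https")
    # "none" means unsigned ID tokens; it should not be copied into the algorithm list.
    if "none" in (fields["Supported ID Token Signing Algorithms"] or []):
        problems.append("provider advertises unsigned ID tokens (alg none)")
    return fields, problems

# Constructed sample: idp.example.com is a placeholder, not a real provider.
SAMPLE_URL = "https://idp.example.com/realms/data/.well-known/openid-configuration"
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.com/realms/data",
    "authorization_endpoint": "https://idp.example.com/realms/data/authorize",
    "token_endpoint": "https://idp.example.com/realms/data/token",
    "jwks_uri": "https://idp.example.com/realms/data/jwks",
    "id_token_signing_alg_values_supported": ["RS256", "ES256"],
})

if __name__ == "__main__":
    fields, problems = manual_fields(SAMPLE_URL, SAMPLE_DOC)
    for label, value in fields.items():
        print(f"{label}: {value}")
    for problem in problems:
        print("WARNING:", problem)
```

To review a real provider, save its metadata document to a file and pass the file contents together with the Discover URL it was fetched from.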