OpenID Connect

Audience: Application Admins

Content Summary: Immuta integrates seamlessly with your enterprise OpenID Connect provider. Immuta can leverage your OpenID Connect provider for authentication while maintaining all user attributes (attributes and groups) within Immuta's built-in identity manager.

The OpenID Connect identity manager is configured in the Identity and Access Management section of the App Settings page. When prompted, select OpenID as the type.

Choose OpenID IAM type

Provider Configuration

Before adding an OpenID Connection identity manager in Immuta, a client application must first be registered with the OpenID provider. In order to register a client application with the OpenID provider the redirect URL for your Immuta instance will be required. The redirect URL is displayed on the App Settings page when adding the OpenID IAM.

App Settings OpenID Redirect URL

If prompted for client application type, choose web.

The three key pieces of information that are required to configure the OpenID identity manager in Immuta are

Client ID
Client secret
Discover URL, sometimes referred to as Issuer URI or OpenID Connect metadata document.

These values are maintained by the OpenID provider, and as such must be obtained from there.

Immuta Configuration

After following the steps to add a new OpenID IAM from the Identity and Access Management section of the App Settings page, fill in the details from Provider Configuration as specified below.

Enter the Client ID, Client Secret, and Discover URL in the form field.

Immuta OpenID automatic configuration

If the OpenID provider does not support the discover URL, it may be necessary to provide Authorization Endpoint, Issuer, Token Endpoint, JWKS Uri, and Supported ID Token Signing Algorithms instead.

Immuta OpenID manual configuration

Follow the remaining steps from the OpenID IAM of the App Settings page to test and save the OpenID IAM configuration.