After deploying Certificate Hub, you can integrate Identity Providers (IdPs) already in use in the corporate environment.

To configure an identity provider

1. Log in as an administrator with the global_admin role.
2. Go to Administer > Settings > IDENTITY PROVIDER.
3. In the Select Identity Provider list, choose one of the mechanisms already described for the PKI Hub Management Console.
   • Entrust Identity as a Service (IDaaS)
   • Internal password
   • Lightweight Directory Access Protocol
   • OpenID Connect 1.0
4. Configure the selected identity providers. For Certificate Hub, the OIDC claim email attribute is the user's unique username. Therefore, all users logging from an IdP must have unique email addresses.
5. Optionally, disable the Internal password authentication mechanism.
6. In Administer > Administrators, manage the new IdP-registered administrators.