In the IDaaS administration interface, configure an OIDC Web application with the following settings.

| Setting | Value |
| --- | --- |
| Subject Id Attribute | Type a unique user identifier. |
| ID Token Signing Algorithm | Select RS256. |
| Redirect URI(s) | Paste the value of the Redirect URL setting described below. |
| Supported Scopes > Email address | Mark this checkbox. |
| Require Consent | Unmark this checkbox. |
| User Info Signing Algorithm | None |
| Claims | Create a claim whose identifier is `profile`. Set a group name as the value of each claim attribute. |
| Authentication decision | Select the second factors you want to require and ensure users have enrolled the corresponding authenticators. |
| Groups | Create one group and add the users with login permissions. |

In the Entrust PKI Hub console, configure the following settings for an Entrust Identity as a Service (IDaaS) identity provider.

| Setting | Value |
| --- | --- |
| Active | Mark this checkbox to enable the identity provider. |
| Name | Type a provider name to display when logging into the Entrust PKI Hub console. |
| Redirect URL | The URL to which the identity provider redirects after it successfully authenticates a user. Entrust PKI Hub generates this value automatically when you click Save. You must (1) copy this value from the Entrust PKI Hub console and (2) paste it into the Redirect URI(s) field of the IDaaS interface. When the Entrust PKI Hub host URL changes, you must (1) re-type the Client Secret and Client ID values in the Entrust PKI Hub console, (2) click Save, (3) copy the new Redirect URL value from the Entrust PKI Hub console, and (4) paste it into the Redirect URI(s) field of the IDaaS interface. |
| Client Secret | Paste the client secret from the IDaaS OIDC application. |
| Client ID | Paste the client identifier from the IDaaS OIDC application. |
| Base IDaaS URL | Paste the account URL of the IDaaS OIDC application. When you enter this URL, the console fills in the remaining endpoint URLs (JWKS, Authorization, Access Token, UserInfo and Logout). |
| Required Group Attribute Name | Type the following attribute name: `profile` |
| Required Group Name | Type the name of the group configured in the IDaaS OIDC application. |
| JWKS URL | Paste the JSON Web Key Set (JWKS) URL of your identity provider, for example `https://asacm.auth0.com/.well-known/jwks.json`. |
| Authorization Endpoint | Paste the authorization endpoint of your identity provider, for example `https://asacm.auth0.com/authorize`. |
| Access Token Endpoint | Paste the token endpoint of your identity provider, for example `https://asacm.auth0.com/oauth/token`. |
| UserInfo Endpoint | Paste the UserInfo endpoint of your identity provider, for example `https://asacm.auth0.com/userinfo`. |
| Logout Endpoint | Paste the logout URL of your identity provider, for example `https://asacm.auth0.com/v2/logout`. |
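What the PKI Hub side does with these settings is a standard OIDC relying-party check: it fetches the signing keys from the JWKS URL, requires the RS256 signature on the ID token to verify against the key named by the token's `kid`, and then requires the claim named by Required Group Attribute Name (`profile`) to carry the Required Group Name before it accepts the login. The Go program below is an added example written for this page, not Entrust's or IDaaS's code. It plays both sides in memory instead of fetching the JWKS URL: the signing key, key id `idaas-key-1`, issuer, client ID, group name `PKI Hub Users` and all claim values are constructed placeholders, and `rpConfig` is a hypothetical stand-in for the console fields.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// jwk is the subset of a JWKS entry (what the JWKS URL serves) that RS256 verification needs.
type jwk struct{ Kty, Kid, N, E string }
// rpConfig is a hypothetical relying-party configuration named after the Entrust PKI Hub fields.
type rpConfig struct{ Issuer, ClientID, RequiredGroupAttribute, RequiredGroupName string }

var b64 = base64.RawURLEncoding

// verifyIDToken pins alg to RS256, verifies the signature with the JWKS key named by kid, then
// checks iss, aud, exp and the required group claim. Any failure rejects the login.
func verifyIDToken(token string, keys []jwk, cfg rpConfig) (map[string]any, error) {
	parts := strings.Split(token, ".")
	var hdr struct{ Alg, Kid string }
	hdrBytes, err := b64.DecodeString(parts[0])
	if len(parts) != 3 || err != nil || json.Unmarshal(hdrBytes, &hdr) != nil {
		return nil, fmt.Errorf("malformed JWS or header")
	}
	if hdr.Alg != "RS256" { // the page selects RS256; reject "none" and symmetric algs outright
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	var pub *rsa.PublicKey
	for _, k := range keys { // pick the RSA key whose kid matches the header
		if nb, e1 := b64.DecodeString(k.N); k.Kid == hdr.Kid && k.Kty == "RSA" && e1 == nil {
			eb, _ := b64.DecodeString(k.E) // a bad e yields E=0, which the rsa package rejects below
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}
		}
	}
	if pub == nil {
		return nil, fmt.Errorf("no usable RSA key with kid %q in JWKS", hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("signature check failed")
	}
	body, err := b64.DecodeString(parts[1])
	var claims map[string]any
	if err != nil || json.Unmarshal(body, &claims) != nil {
		return nil, fmt.Errorf("bad JWS payload")
	}
	exp, _ := claims["exp"].(float64) // a missing exp decodes as 0 and is treated as expired
	switch {
	case claims["iss"] != cfg.Issuer || claims["aud"] != cfg.ClientID: // single-audience tokens only
		return nil, fmt.Errorf("token not issued by %s for this client", cfg.Issuer)
	case int64(exp) <= time.Now().Unix():
		return nil, fmt.Errorf("token expired")
	case claims[cfg.RequiredGroupAttribute] != cfg.RequiredGroupName:
		return nil, fmt.Errorf("claim %q does not name group %q", cfg.RequiredGroupAttribute, cfg.RequiredGroupName)
	}
	return claims, nil
}

// signIDToken mints an RS256 JWS the way the IDaaS side would; used here only to build test input.
func signIDToken(priv *rsa.PrivateKey, kid string, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig)
}

// demo verifies three constructed tokens and returns each outcome (nil means the login would be accepted).
func demo() map[string]error {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed IDaaS signing key
	keys := []jwk{{Kty: "RSA", Kid: "idaas-key-1", N: b64.EncodeToString(priv.N.Bytes()), E: b64.EncodeToString(big.NewInt(int64(priv.E)).Bytes())}}
	cfg := rpConfig{"https://tenant.idaas.example.invalid", "client-id-placeholder", "profile", "PKI Hub Users"}
	claims := func(group string) map[string]any { // constructed ID token claims
		return map[string]any{"iss": cfg.Issuer, "aud": cfg.ClientID, "sub": "user-123", "exp": time.Now().Add(5 * time.Minute).Unix(), cfg.RequiredGroupAttribute: group}
	}
	other := signIDToken(priv, "idaas-key-1", claims("Other Group"))
	p := strings.Split(other, ".") // reuse the signature of "other" under a payload naming the right group
	edited, _ := json.Marshal(claims(cfg.RequiredGroupName))
	results := map[string]error{}
	for name, tok := range map[string]string{
		"valid":          signIDToken(priv, "idaas-key-1", claims(cfg.RequiredGroupName)),
		"wrong group":    other,
		"edited payload": p[0] + "." + b64.EncodeToString(edited) + "." + p[2],
	} {
		_, results[name] = verifyIDToken(tok, keys, cfg)
	}
	return results
}

func main() { fmt.Println(demo()) }
```

Run it with `go run`; the printed map shows the valid token accepted (`<nil>`) and the other two rejected: the wrong-group token fails on the `profile` claim even though its signature is good, and the edited payload fails the signature check even though it names the right group. In a real deployment the JWKS document is fetched from the JWKS URL over TLS and cached, the `aud` check should also accept an array that contains the client ID, and the `nonce` tied to the browser session should be checked as well.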