Configuring External Authentication using OpenID Connect
Use this dialog to configure your OpenID authentication server and map OpenID groups to WhatsUp Gold user groups.
: The use of OpenID authentication with WhatsUp Gold requires an HTTPS connection. If HTTPS is not established, you will be presented with an informational dialog directing you to instructions on how to configure WhatsUp Gold to use HTTPS.
: To successfully use OpenID Connect authentication with WhatsUp Gold, additional configuration on the secure token server is required.
: On the secure token server, make sure to limit the quantity of groups mapping to each WhatsUp Gold user in order to limit the size of the token created.
To configure OpenID Connect external authentication:
- Click to launch the Edit OpenID Server Settings dialog.
- Enter the following information in the applicable fields:
- . The address or root of the OpenID authentication server.
- . The issuing authority value, including terminating backslash if applicable, is identified in your secure token server of your tenant's discovery document.
- . Enter the public client identifier assigned to WhatsUp Gold by OpenID.
- . The audience value for the token is usually the client ID of the application defined in secure token server settings.
- . Enter the client secret generated by the authentication server/Identity Provider. Please note, once the Client Secret has been saved, it cannot be displayed or retrieved. However, it can be overwritten by modifying the entry in this Edit OpenID Server Settings dialog.
- . The name or key for the group node in the claims collection returned in the ID and Access tokens.
- . The algorithm used to validate the signature and by doing so verify the token was signed by the sender and not altered in any way. Select RS256 for the public key and HS256 for the private key as the signing algorithm.
- Click on any applicable checkbox to enable the use of meta data during authentication.
: You can click to check the connectivity between WhatsUp Gold and the Issuer.
- Click to save your server settings and return to the OpenID Authentication Setup dialog.
- If desired, you can modify the Token Validation Timer setting. This setting reflects how often WhatsUp Gold reaches out to the OpenID server to validate the user's access token.
- Click the Add icon to create a new line item under WhatsUp Gold Group Access.
- Enable the checkbox next to the new line item, then click the Edit icon.
- Enter the name of an existing OpenID group in the data entry field on the left, then select a WhatsUp Gold User Group you want to map to the specified Open ID group from the drop-down menu on the right.
- Click .
- Repeat the previous steps to complete mapping of OpenID groups and WhatsUp Gold User Groups as needed.
- Click .