Configuring External Authentication using OpenID Connect

Use this dialog to configure your OpenID authentication server and map OpenID groups to WhatsUp Gold user groups.

Important: The use of OpenID authentication with WhatsUp Gold requires an HTTPS connection. If HTTPS is not established, you will be presented with an informational dialog directing you to instructions on how to configure WhatsUp Gold to use HTTPS.

Important: To successfully use OpenID Connect authentication with WhatsUp Gold, additional configuration on the secure token server is required.

Note: On the secure token server, limit the number of groups mapped to each WhatsUp Gold user in order to limit the size of the token created.

To configure OpenID Connect external authentication:

  1. Click Edit to launch the Edit OpenID Server Settings dialog.
  2. Enter the following information in the applicable fields:
    • Identity Provider URL. The address or root of the OpenID authentication server.
    • Issuer. The issuing authority value, including the terminating backslash if applicable. This value is identified in your secure token server or your tenant's discovery document.
    • Client ID. Enter the public client identifier assigned to WhatsUp Gold by OpenID.
    • Audience. The audience value for the token is usually the client ID of the application defined in secure token server settings.
    • Client Secret. Enter the client secret generated by the authentication server/Identity Provider. Please note, once the Client Secret has been saved, it cannot be displayed or retrieved. However, it can be overwritten by modifying the entry in this Edit OpenID Server Settings dialog.
    • Redirect URI
      • Sign In. The callback URL used by OpenID when accessing WhatsUp Gold. This is a suffix to be appended to the address of the WhatsUp Gold server.
      • Sign Out. The callback URL used by OpenID when exiting WhatsUp Gold. This is a suffix to be appended to the address of the WhatsUp Gold server.

        Important: The Sign In and Sign Out URLs must resolve to the same WhatsUp Gold server. Additionally, the set of URLs configured on the secure token server must also resolve to one and only one WhatsUp Gold server.

    • Groups Claim Key. The name or key for the group node in the claims collection returned in the ID and Access tokens.
    • Sig Algorithm (RS256, HS256). The algorithm used to validate the token signature, which verifies that the token was signed by the sender and was not altered in any way. Select RS256 for the public key and HS256 for the private key as the signing algorithm.
    • Click any applicable checkbox to enable the use of metadata during authentication.

    Note: You can click Test to check the connectivity between WhatsUp Gold and the Issuer.

  3. Click OK to save your server settings and return to the OpenID Authentication Setup dialog.
  4. If desired, you can modify the Token Validation Timer setting. This setting reflects how often WhatsUp Gold reaches out to the OpenID server to validate the user's access token.
  5. Click the Add icon to create a new line item under WhatsUp Gold Group Access.
  6. Enable the checkbox next to the new line item, then click the Edit icon.
  7. Enter the name of an existing OpenID group in the data entry field on the left, then select the WhatsUp Gold User Group you want to map to the specified OpenID group from the drop-down menu on the right.
  8. Click Update.
  9. Repeat the previous steps to complete mapping of OpenID groups and WhatsUp Gold User Groups as needed.
  10. Click Save.
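
The following added example (not WhatsUp Gold code and not part of the product documentation) shows how the Issuer, Audience, Client Secret, Groups Claim Key and Sig Algorithm values fit together when an HS256-signed token is checked and its groups are mapped to user groups. All URLs, secrets, group names and function names are constructed for illustration; using the client secret as the HS256 key follows the OpenID Connect convention and is an assumption about the deployment.

```python
import base64, hashlib, hmac, json, time

# Constructed settings mirroring the dialog fields; every value is a placeholder.
SETTINGS = {
    "issuer": "https://idp.example.test/",   # compared exactly, trailing character included
    "audience": "wug-client",
    "client_secret": b"constructed-secret",
    "groups_claim_key": "groups",
    "sig_algorithm": "HS256",                # this example implements the HS256 case only
}
# Constructed OpenID group -> WhatsUp Gold user group mapping.
GROUP_MAP = {"netops": "WUG Administrators", "helpdesk": "WUG Read Only"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a constructed sample token (stands in for the secure token server)."""
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def mapped_groups(token: str, cfg: dict = SETTINGS, now: float = None) -> list:
    """Return the mapped user groups, or raise ValueError if any check fails."""
    head, body, sig = token.split(".")
    # Pin the algorithm to the configured value instead of trusting the header.
    if json.loads(unb64url(head)).get("alg") != cfg["sig_algorithm"]:
        raise ValueError("unexpected signing algorithm")
    want = hmac.new(cfg["client_secret"], f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(body))
    if claims.get("iss") != cfg["issuer"]:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if cfg["audience"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("token expired")
    # Only groups present in the mapping grant access; unknown groups are ignored.
    groups = claims.get(cfg["groups_claim_key"], [])
    return sorted({GROUP_MAP[g] for g in groups if g in GROUP_MAP})
```

A token whose `iss` differs from the configured Issuer by only the final character is rejected, which is why the Issuer field must be copied exactly from the discovery document.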