Versions Compared

Old Version 9

changes.mady.by.user DocReviewer

Saved on

compared with

New Version 10

changes.mady.by.user Sarabjeet Kaur

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 6

...

OpenID Connect (OIDC) is a federated SSO authentication protocol processed built over OAuth2.0 and is already supported for authentication in the Kyvos Web Client.

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#DEEBFF

Note

  • From Kyvos 2024.1 onwards, a restart of the Kyvos Web Portal will not be required for Kyvos security configuration (Web based SSO).

  • To access Excelerate Web and Desktop through OIDC, you must configure confidential and public OIDC.

...

  • To access Tableau Server and Desktop through OIDC, you must configure confidential and public OIDC.

Kyvos supports OIDC authentication (Browser-based login/SSO ) for Excelerate desktop and web version.

Configuration Type

Kyvos Web Portal

Excelerate Desktop

Excelerate Web

Tableau Desktop

Tableau Server

Confidential OIDC

(tick)

(error)

(tick)

(error)

(tick)

Public OIDC

(tick)

(tick)

(error)

(tick)

(error)

To configure the OIDC (Auth2.0) as an external authentication provider for the Kyvos Web Portal, perform the following steps. 

...

Aura tab collection
paramsJTdCJTIyZ2VuZXJhbCUyMiUzQSU3QiUyMnRhYlNwYWNpbmclMjIlM0EwJTJDJTIydGFiV2lkdGglMjIlM0ExMDAlMkMlMjJ0YWJIZWlnaHQlMjIlM0E1MCUyQyUyMmRpcmVjdGlvbiUyMiUzQSUyMmhvcml6b250YWwlMjIlN0QlMkMlMjJjb250ZW50JTIyJTNBJTdCJTIyYmFja2dyb3VuZENvbG9yJTIyJTNBJTdCJTIyY29sb3IlMjIlM0ElMjIlMjNmZmYlMjIlN0QlMkMlMjJib3JkZXIlMjIlM0ElN0IlMjJzdHlsZSUyMiUzQSUyMnNvbGlkJTIyJTJDJTIyd2lkdGglMjIlM0ExJTJDJTIydG9wJTIyJTNBdHJ1ZSUyQyUyMmJvdHRvbSUyMiUzQXRydWUlMkMlMjJsZWZ0JTIyJTNBdHJ1ZSUyQyUyMnJpZ2h0JTIyJTNBdHJ1ZSUyQyUyMmNvbG9yJTIyJTNBJTdCJTIybGlnaHQlMjIlM0ElMjIlMjNjY2NlY2YlMjIlN0QlN0QlMkMlMjJwYWRkaW5nJTIyJTNBJTdCJTIydG9wJTIyJTNBMTAlMkMlMjJyaWdodCUyMiUzQTEwJTJDJTIyYm90dG9tJTIyJTNBMTAlMkMlMjJsZWZ0JTIyJTNBMTAlN0QlN0QlMkMlMjJhY3RpdmUlMjIlM0ElN0IlMjJiYWNrZ3JvdW5kQ29sb3IlMjIlM0ElN0IlMjJjb2xvciUyMiUzQSU3QiUyMmxpZ2h0JTIyJTNBJTIyJTIzZjU4MjI3JTIyJTdEJTdEJTJDJTIydGV4dCUyMiUzQSU3QiUyMmZvbnRTaXplJTIyJTNBMTYlMkMlMjJjb2xvciUyMiUzQSU3QiUyMmxpZ2h0JTIyJTNBJTIyJTIzMDAwMDAwJTIyJTdEJTJDJTIydGV4dEFsaWduJTIyJTNBJTIybGVmdCUyMiUyQyUyMmZvbnRXZWlnaHQlMjIlM0ElMjJib2xkJTIyJTdEJTdEJTJDJTIyaG92ZXIlMjIlM0ElN0IlMjJiYWNrZ3JvdW5kQ29sb3IlMjIlM0ElN0IlMjJjb2xvciUyMiUzQSUyMiUyM2RmZTFlNiUyMiU3RCUyQyUyMnRleHQlMjIlM0ElN0IlMjJmb250U2l6ZSUyMiUzQTE4JTJDJTIyY29sb3IlMjIlM0ElMjIlMjM1ZTZjODQlMjIlMkMlMjJ0ZXh0QWxpZ24lMjIlM0ElMjJsZWZ0JTIyJTJDJTIyZm9udFdlaWdodCUyMiUzQSUyMmxpZ2h0ZXIlMjIlN0QlN0QlMkMlMjJpbmFjdGl2ZSUyMiUzQSU3QiUyMmJhY2tncm91bmRDb2xvciUyMiUzQSU3QiUyMmNvbG9yJTIyJTNBJTIyJTIzZjRmNWY3JTIyJTdEJTJDJTIydGV4dCUyMiUzQSU3QiUyMmZvbnRTaXplJTIyJTNBMTYlMkMlMjJjb2xvciUyMiUzQSUyMiUyMzVlNmM4NCUyMiUyQyUyMnRleHRBbGlnbiUyMiUzQSUyMmxlZnQlMjIlMkMlMjJmb250V2VpZ2h0JTIyJTNBJTIybGlnaHRlciUyMiU3RCUyQyUyMmJvcmRlciUyMiUzQSU3QiUyMnRvcCUyMiUzQXRydWUlMkMlMjJsZWZ0JTIyJTNBdHJ1ZSUyQyUyMnJpZ2h0JTIyJTNBdHJ1ZSUyQyUyMmJvdHRvbSUyMiUzQXRydWUlMkMlMjJ3aWR0aCUyMiUzQTElMkMlMjJzdHlsZSUyMiUzQSUyMnNvbGlkJTIyJTJDJTIyY29sb3IlMjIlM0ElN0IlMjJsaWdodCUyMiUzQSUyMiUyM2NjY2VjZiUyMiU3RCU3RCU3RCU3RA==
Aura tab
summaryOIDS Settings for Confidential Client
paramsJTdCJTIydGl0bGUlMjIlM0ElMjJPSURTJTIwU2V0dGluZ3MlMjBmb3IlMjBDb25maWRlbnRpYWwlMjBDbGllbnQlMjAlMjIlN0Q=

OIDC authentication for Kyvos Web Portal and , Excelerate Web, and Tableau Server.

Parameter/Field

Comments/Description

Client Id

Client ID provided by the authorization server upon registration of the application. This ID is used for identifying the client.

Client Secret

Secret to be used for authentication method. Kyvos Manager encrypts this secret.

Authorization URL

Endpoint URL provided by the authorization server.

Token URL

Access Token Endpoint URL provided by the authorization server.

Scope

Space-separated lists of identifiers are used to specify what access privileges are being requested from the authorization server in the initial authorization request. If left blank, the default 'openid profile email' will be used

Single Logout URL

URL to which the users are redirected on logging out. If left blank, there will be no single logout.

Verify ID Token

Select the checkbox to verify the signature of the ID tokens. If it is set as No, Kyvos will retrieve ID Token, decode it, and will use its claims without verifying its signature.

Authorization Server OpenId Metadata URL

Endpoint URL on the authorization server which provides metadata about the OIDC configuration of the authorization server.

Aura tab
summaryOIDC Settings for Public Client
paramsJTdCJTIydGl0bGUlMjIlM0ElMjJPSURDJTIwU2V0dGluZ3MlMjBmb3IlMjBQdWJsaWMlMjBDbGllbnQlMjIlN0Q=

OIDC authentication for Kyvos Web Portal, Excelerate Desktop, and Excelerate Tableau Desktop.

Enter details as:

Parameter/Field

Comments/Description

Client Id

Client ID provided by the authorization server upon registration of the application. This ID is used for identifying the client.

Authorization URL

Endpoint URL provided by the authorization server.

Token URL

Access Token Endpoint URL provided by the authorization server.

Scope

Space-separated lists of identifiers are used to specify what access privileges are being requested from the authorization server in the initial authorization request. If left blank, the default 'openid profile email' will be used

Single Logout URL

URL to which the users are redirected on logging out. If left blank, there will be no single logout.

Verify ID Token

Select the checkbox to verify the signature of the ID tokens. If it is set as No, Kyvos will retrieve ID Token, decode it, and will use its claims without verifying its signature.

Authorization Server OpenId Metadata URL

Endpoint URL on the authorization server which provides metadata about the OIDC configuration of the authorization server.

...