
OIDC based external authentication for Kyvos Web Portal

Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace, Kyvos Single Node Installation (Kyvos SNI)


OpenID Connect (OIDC) is a federated SSO authentication protocol built on OAuth 2.0 and is supported for authentication in the Kyvos Web Client. Kyvos also provides connectivity for third-party BI tools such as FluenceXL, Tableau, and Power BI through this protocol.

To configure OIDC (OAuth 2.0) as an external authentication provider for the Kyvos Web Portal, perform the following steps.

  1. On the navigation pane, click Security > Web based SSO. The Web based SSO dialog is displayed.

  2. Select the Enable External Authentication check box to define the external authentication mechanism for the Kyvos Web portal.

  3. Select the OIDC option from the Provider list.

  4. Enter details as:

| Parameter | Description |
| --- | --- |
| Header Name | Enter the name of the HTTP header that contains the user name in the HTTP request. |
| Header Type | Select the type of value to be sent by the external authentication tool as an SSO token. |
| Client Id | Client ID provided by the authorization server upon registration of the application. This ID is used for identifying the client. |
| Client Secret | Secret to be used for the authentication method. Kyvos Manager encrypts this secret. |
| Authorization URL | Endpoint URL provided by the authorization server. |
| Token URL | Access Token Endpoint URL provided by the authorization server. |
| Scope | Space-separated list of identifiers that specify what access privileges are being requested from the authorization server in the initial authorization request. If left blank, the default 'openid profile email' is used. |
| Single Logout URL | URL to which the users are redirected on logging out. If left blank, there will be no single logout. |
| Verify ID Token | Select the checkbox to verify the signature of the ID tokens. If it is set as No, Kyvos retrieves the ID token, decodes it, and uses its claims without verifying its signature. |
| Authorization Server OpenId Metadata URL | Endpoint URL on the authorization server that provides metadata about the OIDC configuration of the authorization server. |

  5. Click the Save button to save changes.
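What the Verify ID Token setting changes, as an added example (not Kyvos code and not part of the original page): the decode-only path returns whatever claims the token carries, while the verifying path checks the signature, issuer, audience and expiry before trusting any claim. Assumptions: HS256 keyed with a constructed client secret so that the sketch runs on the Python standard library alone; the issuer, client ID, key, e-mail addresses and all function names are hypothetical.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Constructed stand-in for the authorization server issuing an ID token."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}." + b64url(mac(f"{head}.{body}", key))

def claims_unverified(token: str) -> dict:
    """Decode-only path: the behaviour described for Verify ID Token = No."""
    return json.loads(b64url_decode(token.split(".")[1]))

def claims_verified(token, key, issuer, client_id, now) -> dict:
    """Signature, then iss / aud / exp, before any claim is trusted."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(mac(f"{head}.{body}", key), b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def with_email(token: str, email: str) -> str:
    """Constructed test input: same signature, different email claim."""
    head, body, sig = token.split(".")
    claims = {**json.loads(b64url_decode(body)), "email": email}
    return f"{head}.{b64url(json.dumps(claims).encode())}.{sig}"

# Constructed sample values (not from the Kyvos page)
KEY, NOW = b"constructed-client-secret", 1_700_000_000
ISSUER, CLIENT_ID = "https://idp.example.test", "kyvos-portal"
GOOD = sign_hs256({"iss": ISSUER, "aud": CLIENT_ID, "exp": NOW + 300,
                   "email": "analyst@example.test"}, KEY)
ALTERED = with_email(GOOD, "other@example.test")
```

With asymmetric signing, the verification key would come from the authorization server's published keys rather than the client secret; the order of checks stays the same.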

Copyright Kyvos, Inc. All rights reserved.