Entering ID provider data in the user administration
You have the option to store login data for identity providers in the user administration.
Key values are already preconfigured for the following identity providers:
- Microsoft Azure
- Keycloak
- Okta
- Google
Step-by-step guide
Proceed as follows to store login data for identity providers in the user administration:
- Start the "User" module.
- Select the "Configuration" entry in the "User" menu. The "User manager configuration" dialog box is displayed.
- Under "Web", click on the icon. The "Binding: Web" dialog box is displayed.
- Activate the "OAuth2 authentication" option.
- Click on the "Add provider" icon.
- Select the desired provider or select the "User-defined" tile.
- Click on "Next". The "Configure provider" dialog box is displayed for the previously selected provider. In this dialog, the values known for the respective provider are already preassigned in whole or in part.
Provider settings
Name
Enter a name for the provider configuration here. The name has to be unique. You can overwrite the name preassigned by Intrexx.
Client ID
Enter the client ID here. You must obtain this from the ID provider. See the Client ID and Client Secret sections for more information.
Client secret
Enter the client secret here. You must obtain this from the ID provider. It is a credential: it is used only when the provider's token endpoint is called and must never appear in the redirect URL, the login button or any other browser-visible content. See the Client ID and Client Secret sections for more information.
Scope
The provider's scope must be stored here. The value is preset by Intrexx.
You can (also) obtain the value from the ID provider. See the REST-API endpoints section for more information.
Access Token URL
The access token URL of the provider must be stored here. The value is preassigned by Intrexx for some providers completely and for some providers partially.
If the value is partially pre-assigned, it contains variables whose value you must obtain from the provider. (For Microsoft Azure, this is the "Tenant ID".) See the REST API endpoints section.
User Auth URL
The user auth URL for authorization with the provider must be stored here. The value is preassigned by Intrexx for some providers completely and for some providers partially.
If the value is partially pre-assigned, it contains variables whose value you must obtain from the provider. (For Microsoft Azure, this is the "Tenant ID".) See the REST API endpoints section.
Public Key Source
The "public key source", the URL from which the provider's public keys are retrieved, must be stored here. The signature of the ID token is verified with these keys, so the URL must point to the provider's own key endpoint. The value is preassigned by Intrexx for some providers completely and for some providers partially.
If the value is partially pre-assigned, it contains variables whose value you must obtain from the provider. (For Microsoft Azure, this is the "Tenant ID".) See the REST API endpoints section.
User Info URL
The "User info URL", the URL for the user information endpoint, can be stored here. The field can be empty. It is pre-assigned with the appropriate value from Intrexx, if the value is required. If the value is partially pre-assigned, it contains variables whose value you must obtain from the provider.
Redirect URL
The "Redirect URL" must be stored here. It is preset by Intrexx. The redirect URL is made up of the base URL of your portal and the following components: "/oauth2/login/<provider name>"
The provider only redirects back to URLs that are registered for the client, so the identical URL (including scheme and host) must also be entered at the ID provider. Please refer to the section Storing a redirect URL.
Mapping
When the ID provider transmits authentication data (the ID token) to Intrexx, Intrexx maps the user at the ID provider to a user in the Intrexx user administration.
The users are mapped using a field (attribute) that is unique both at the ID provider and in Intrexx (user master data field). Typically the user's email address is used for this. It is important that the values in the selected user master data field are unique: if more than one Intrexx user matches the value from the token, the login is aborted with an error. Intrexx presets the mapping with the provider field name "email" and the database field "Business email".
Provider field name
The name of the field (claim) in the ID token. You must obtain the provider field name from the provider.
Database field
For the database field, data fields of the type String can be selected. User-defined data fields are also available for selection.
Enable user registration
After a successful login, a new Intrexx user can optionally be registered if none exists yet, or an existing Intrexx user can be updated. Groovy scripts are required for this and can be configured via the web binding dialog.
Detailed information on this can be found in the section Enable user registration.
Nonce required
Here you can specify whether the provider requires a nonce ("number used once"). A nonce is generated for each login attempt, sent with the authorization request and must be returned unchanged in the ID token; this binds the token to the login session and prevents a captured token from being replayed.
You can find out whether the provider requires a nonce from the provider. The value is preset by Intrexx.
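The mapping and nonce checks described above, as an added Python example that is not Intrexx code and not any provider's code: it verifies a constructed ID token against a constructed key set in JWKS format, then maps the "email" claim to the "Business email" field and aborts when that field is not unique. To run offline it uses symmetric HMAC keys ("kty": "oct") instead of the RSA/EC keys a real Public Key Source publishes; the key lookup by "kid" and the claim checks are the same. The issuer, client ID, key and user records are assumptions.

```python
"""Verify an ID token and map it to an Intrexx user by a unique field.

Added example, not Intrexx or provider code. HMAC ("oct") keys stand in
for the asymmetric keys a real Public Key Source would publish.
"""
import base64
import hashlib
import hmac
import json
import time


class LoginAborted(Exception):
    """Token rejected, or it cannot be mapped to exactly one user."""


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


# Constructed key set in JWKS format (RFC 7517); a real provider serves this
# document at the configured "Public Key Source" URL.
JWKS = {"keys": [{"kty": "oct", "kid": "key-2024", "alg": "HS256",
                  "k": b64url_encode(b"demo-secret-key-not-for-production")}]}
ISSUER = "https://idp.example.com"      # assumed provider issuer
CLIENT_ID = "intrexx-portal"            # assumed client ID ("aud" claim)
USERS = [                               # constructed Intrexx user records
    {"login": "asmith", "business_email": "a.smith@example.com"},
    {"login": "bjones", "business_email": "b.jones@example.com"},
    {"login": "bjones2", "business_email": "B.Jones@example.com"},  # duplicate
]


def sign_id_token(claims: dict, jwk: dict) -> str:
    """Stand-in for the provider: produce a compact JWS over the claims."""
    header = {"alg": "HS256", "kid": jwk["kid"], "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims))
    sig = hmac.new(b64url_decode(jwk["k"]), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_id_token(token, jwks, issuer, audience, nonce=None, now=None) -> dict:
    """Check signature (by kid), issuer, audience, expiry and nonce; return claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise LoginAborted("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    # Pin the algorithm; never let the token's own "alg" choose the scheme.
    if header.get("alg") != "HS256":
        raise LoginAborted("unexpected alg %r" % header.get("alg"))
    keys = [k for k in jwks["keys"] if k.get("kid") == header.get("kid") and k.get("kty") == "oct"]
    if len(keys) != 1:
        raise LoginAborted("unknown kid")
    expected = hmac.new(b64url_decode(keys[0]["k"]), f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise LoginAborted("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise LoginAborted("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise LoginAborted("wrong audience")
    if claims.get("exp", 0) <= now:
        raise LoginAborted("token expired")
    if nonce is not None and claims.get("nonce") != nonce:
        raise LoginAborted("nonce mismatch")
    return claims


def map_user(claims, users, provider_field="email", db_field="business_email"):
    """Return the single user whose db_field equals the token claim.

    None means no such user yet (registration may create one); more than one
    match aborts the login, as the user manager does for non-unique fields.
    """
    value = claims.get(provider_field)
    if not value:
        raise LoginAborted(f"token has no {provider_field!r} claim")
    matches = [u for u in users if (u.get(db_field) or "").lower() == value.lower()]
    if len(matches) > 1:
        raise LoginAborted(f"{len(matches)} users share {db_field}={value!r}")
    return matches[0] if matches else None
```

The email comparison is case-insensitive, which is why the third constructed record collides with the second and the login for that address is aborted rather than resolved to either user.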
Additional redirect parameters
You have the option to store additional redirect parameters that are added to the redirect to the provider. Each consists of a key and a value. Intrexx presets redirect parameters if necessary.
- Click on the icon. The "Additional redirect parameters" dialog box is displayed.
- Click on the icon.
- Enter the key and its value here.
- Click on "OK". You return to the "Additional redirect parameters" dialog box.
- Click on "OK". You return to the "Configure provider" dialog box.
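The endpoint variables, redirect URL, nonce and additional redirect parameters described above, as an added Python example that is not Intrexx code: it fills the "{tenant}" variable in partially pre-assigned URLs (refusing to proceed while one is still unfilled), builds the authorization request with a fresh state and nonce, and checks the provider's redirect back to the portal before accepting the authorization code. The provider entry uses the Microsoft identity platform v2.0 endpoints purely for illustration; the portal base URL, client ID and the "prompt" parameter are constructed.

```python
"""Assemble and validate the authorization round trip for a configured provider.

Added example, not Intrexx code. The Microsoft identity platform v2.0
endpoints with a "{tenant}" placeholder illustrate a partially pre-assigned
value; the portal URL, client ID and extra parameter are constructed.
"""
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

PROVIDER = {  # shaped like the "Configure provider" dialog
    "name": "azure",
    "client_id": "00000000-0000-0000-0000-000000000000",   # placeholder, from the IdP
    "scope": "openid profile email",
    "user_auth_url": "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize",
    "access_token_url": "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token",
    "public_key_source": "https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys",
    "nonce_required": True,
    "additional_redirect_parameters": {"prompt": "select_account"},  # constructed
}

_VAR = re.compile(r"\{([a-zA-Z_]+)\}")


def fill_variables(template: str, values: dict) -> str:
    """Substitute {name} variables; refuse to leave any of them unfilled."""
    filled = template
    for name in _VAR.findall(template):
        if not values.get(name):
            raise ValueError(f"variable {name!r} in {template!r} must be obtained from the provider")
        filled = filled.replace("{" + name + "}", values[name])
    return filled


def resolve_endpoints(provider: dict, variables: dict) -> dict:
    """Fill all partially pre-assigned endpoint URLs of a provider entry."""
    return {key: fill_variables(provider[key], variables)
            for key in ("user_auth_url", "access_token_url", "public_key_source")}


def redirect_url(portal_base_url: str, provider_name: str) -> str:
    """Redirect URL as Intrexx composes it: <portal base>/oauth2/login/<provider name>."""
    return portal_base_url.rstrip("/") + "/oauth2/login/" + provider_name


def build_authorization_request(provider: dict, portal_base_url: str, variables: dict):
    """Return (url, state, nonce); state and nonce must be kept in the login session."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32) if provider["nonce_required"] else None
    params = {
        "response_type": "code",
        "client_id": provider["client_id"],
        "redirect_uri": redirect_url(portal_base_url, provider["name"]),
        "scope": provider["scope"],
        "state": state,
    }
    if nonce:
        params["nonce"] = nonce
    # Additional redirect parameters are added last and cannot override the
    # standard ones.
    for key, value in provider["additional_redirect_parameters"].items():
        params.setdefault(key, value)
    url = resolve_endpoints(provider, variables)["user_auth_url"] + "?" + urlencode(params)
    return url, state, nonce


def query_params(url: str) -> dict:
    """Flatten a URL's query string to {name: value} (first value each)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def extract_code(callback_url: str, expected_redirect: str, expected_state: str) -> str:
    """Validate the provider's redirect back to the portal and return the code."""
    parts = urlsplit(callback_url)
    if urlsplit(expected_redirect)[:3] != parts[:3]:     # scheme, host, path must match
        raise ValueError("callback did not arrive at the registered redirect URL")
    query = query_params(callback_url)
    if "error" in query:
        raise ValueError("provider returned error: " + query["error"])
    if query.get("state") != expected_state:
        raise ValueError("state mismatch (possible CSRF or stale login)")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"]
```

The state value is what ties the callback to the browser session that started the login; the nonce travels inside the ID token and is checked there, which is why both are returned to the caller and must be stored until the redirect arrives.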
Login button on the web
Title
Enter the text to be displayed on the button here.
Style class
Enter the name of the style class to be used for the login button.
Intrexx presets the style class with "Button_Standard".
User-defined style classes can be defined in the "Layout" module.
Show on the web
Here you can specify whether or not the login button should be displayed on the web.
(Hiding the button may be useful, for example, during a test phase or when a provider is temporarily unavailable.)
Place provider icon on the login button
You have the option of placing the provider's icon or another icon on the login button. You can find detailed information on this in the section Customize login button for identity provider.
- Click on "Finish".