In the PKI Hub console, configure the following settings for an OpenID Connect 1.0 identity provider.

Active

Check this box to enable the identity provider.

Name

The identity provider name displayed when logging into the PKI Hub console.

Redirect URL

The URL to which the identity provider redirects the user's browser after it successfully authenticates the user. PKI Hub generates this value automatically when you click Save. You must:

  1. Copy this value from the PKI Hub console.
  2. Paste this URL into the redirect URLs field of your IdP interface, for example the Allowed Callback URLs field of an Auth0 identity provider.

When the PKI Hub host URL changes, you must:

  1. Re-enter the Client Secret and Client ID values in the PKI Hub console.
  2. Click Save.
  3. Copy the new Redirect URL value from the PKI Hub console.
  4. Paste this URL into the redirect URLs field of your IdP interface.

Client Secret

The client secret provided by your identity provider.

Client ID

The client identifier provided by your identity provider.

Required Group Attribute Name

The name of the claim your identity provider issues in the ID token, used to restrict which users may access PKI Hub. The following is an example claim name for Auth0:

https://asacm/group

The custom claim name must start with https or http and must not contain a dot. The following Auth0 rule adds such a claim to the ID token from the user's app_metadata:

function (user, context, callback) {
  // Copy the group stored in the user's app_metadata into the custom,
  // namespaced claim that PKI Hub evaluates. Guard against users that
  // have no app_metadata, otherwise the rule throws and login fails.
  var group = user.app_metadata && user.app_metadata.group;
  context.idToken['https://asacm/group'] = group;
  callback(null, user, context);
}

See https://auth0.com/docs/scopes/openid-connect-scopes for how to create a custom claim.

Required Group Name

The value the claim must carry for a user to be granted access. The following Auth0 example shows the app_metadata of a user in the "admin" group; with Required Group Name set to admin, only users whose claim carries this value can log in.

"app_metadata": {
  "group": "admin"
},
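The access decision that the Required Group Attribute Name and Required Group Name settings describe, as an added illustration (this is not PKI Hub's or Auth0's code). It assumes the ID token's signature has already been verified against the JWKS URL and operates on the decoded claims; the claim-name rule and the sample claims below are taken from this page, the remaining sample claim values are constructed.

```javascript
// Claim-name rule from this page: the name must start with https or http
// and must not contain a dot.
function isValidClaimName(name) {
  return typeof name === 'string' &&
    /^https?/.test(name) &&
    !name.includes('.');
}

// Evaluates the configured claim on the decoded ID token claims and
// returns { allowed, reason }. Only an exact string match grants access;
// a missing claim, a non-string value or a different group denies, so the
// check fails closed when the IdP rule did not populate the claim.
function checkGroupClaim(claims, claimName, requiredGroup) {
  if (!isValidClaimName(claimName)) {
    return { allowed: false, reason: 'invalid claim name: ' + claimName };
  }
  if (!Object.prototype.hasOwnProperty.call(claims, claimName)) {
    return { allowed: false, reason: 'claim ' + claimName + ' not present' };
  }
  const value = claims[claimName];
  if (typeof value !== 'string') {
    return { allowed: false, reason: 'claim value is not a string' };
  }
  if (value !== requiredGroup) {
    return { allowed: false, reason: 'group "' + value + '" is not "' + requiredGroup + '"' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample: decoded payload of an ID token issued by the Auth0
// rule above for a user whose app_metadata.group is "admin".
const SAMPLE_CLAIMS = {
  iss: 'https://asacm.auth0.com/',
  sub: 'auth0|example-user',
  aud: 'example-client-id',
  'https://asacm/group': 'admin',
};

console.log(checkGroupClaim(SAMPLE_CLAIMS, 'https://asacm/group', 'admin'));
console.log(checkGroupClaim(SAMPLE_CLAIMS, 'https://asacm/group', 'operator'));
```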

JWKS URL

The JSON Web Key Set (JWKS) URL of your identity provider. For example:

https://asacm.auth0.com/.well-known/jwks.json

Authorization Endpoint

The authorization endpoint of your identity provider. For example:

https://asacm.auth0.com/authorize

Access Token Endpoint

The token endpoint of your identity provider. For example:

https://asacm.auth0.com/oauth/token

UserInfo Endpoint

The UserInfo endpoint of your identity provider. For example:

https://asacm.auth0.com/userinfo

Logout Endpoint

The logout URL of your identity provider. For example:

https://asacm.auth0.com/v2/logout