In the Entrust PKI Hub console, configure the following settings for an OpenID Connect 1.0 identity provider.

Active

Mark this checkbox to enable the identity provider.

Name

The identity provider name displayed when logging into the Entrust PKI Hub console.

Redirect URL

The URL to which the identity provider redirects the browser after it successfully authenticates a user. Entrust PKI Hub generates this value automatically when you click Save. You must:

  1. Copy this value from the Entrust PKI Hub console.
  2. Paste this URL, unchanged, into the redirect URLs field of your IdP interface – for example, the Allowed Callback URLs field of an Auth0 application. Identity providers typically compare the registered redirect URL exactly, so any difference in scheme, host, port or path causes the login to fail.

When the Entrust PKI Hub host URL changes, the Redirect URL changes with it. You must:

  1. Re-type the Client Secret and Client ID values in the Entrust PKI Hub console.
  2. Click Save.
  3. Copy the new Redirect URL value from the Entrust PKI Hub console.
  4. Paste this URL into the redirect URLs field of your IdP interface.

Client Secret

The client secret provided by your identity provider.

Client ID

The client identifier provided by your identity provider.

Required Group Attribute Name

The name of the ID token claim, issued by your identity provider, that Entrust PKI Hub checks to restrict user access. The example below is for Auth0.

https://asacm/group

The custom claim name must start with http or https and must not contain a dot. For example, the following Auth0 rule copies the user's app_metadata.group value into the ID token under that claim name:

function (user, context, callback) {
  // Expose app_metadata.group as the namespaced claim used for access restriction.
  var metadata = user.app_metadata || {};
  context.idToken['https://asacm/group'] = metadata.group;
  callback(null, user, context);
}

See https://auth0.com/docs/scopes/openid-connect-scopes for how to create a custom claim.

Required Group Name

The value that the claim must carry for a user to be granted access. The example below is for Auth0, where only users whose app_metadata places them in the "admin" group have access permissions:

"app_metadata": {
  "group": "admin"
},

JWKS URL

The JSON Web Key Set (JWKS) URL of your identity provider. The public keys published there are used to verify the signatures of the tokens the provider issues, so the URL must be served over HTTPS. For example:

https://asacm.auth0.com/.well-known/jwks.json

Authorization Endpoint

The authorization endpoint of your identity provider. For example:

https://asacm.auth0.com/authorize

Access Token Endpoint

The token endpoint of your identity provider. For example:

https://asacm.auth0.com/oauth/token

UserInfo Endpoint

The UserInfo endpoint of your identity provider. For example:

https://asacm.auth0.com/userinfo

Logout Endpoint

The logout URL of your identity provider. For example:

https://asacm.auth0.com/v2/logout