
Add a custom OIDC connection

Last updated June 26th, 2024

You can add a custom OIDC connection so that Knox Manage authenticates users through your enterprise's OpenID Connect (OIDC) identity provider (IdP). To add a custom OIDC connection:

  1. Go to Setting > Identity & Directory > Connection in the Knox Manage console.

  2. On the Connection page, click Add.

  3. On the Add Connection page, enter basic information about a connection.

    • Connection Type — Select Custom OIDC to specify connection type.

    • Connection Name — Enter a connection name of at most 25 characters, consisting of letters, numbers, and the special characters - and _ only. This name distinguishes each connection and is also used when selecting connections in User, Group, and Organization.

  4. On the Server tab, do the following:

    • Client ID — Enter the client ID that the IdP assigned when Knox Manage was registered as an OIDC client.

    • Client Secret — Enter the client secret issued with that client ID. Treat it as a credential: whoever holds it can authenticate to the token endpoint as this client.

    • Callback URL — The URL to which the IdP redirects the browser with the authorization code after authentication completes. Register this exact URL as a redirect URI at the IdP; the redirect_uri in the authorization request must match it.

    • Proof Key for Code Exchange (PKCE) — Select Use to bind the authorization code to the client that requested it. The client sends a hashed code_challenge with the authorization request and the matching code_verifier when it redeems the code at the token endpoint, so an intercepted code cannot be exchanged by anyone else. PKCE is not mutual authentication; it defends against authorization code interception and injection.

    • Discovery URL — Enter the discovery URL provided by the IdP (usually ending in /.well-known/openid-configuration). The discovery document it returns lists the issuer, the endpoints below, and the location of the signing keys.

    • Verified Discovery URL — The URL from which the discovery document is retrieved.

    • Issuer — Enter the IdP's issuer identifier, a unique URI. It is used for validation: it must match the issuer value in the discovery document and the iss claim of every ID token, and tokens carrying any other issuer are rejected.

    • Authorization Endpoint — Enter the URL to which the user's browser is sent for the authentication request.

    • Token Endpoint — Enter the URL at which the authorization code is exchanged for an ID token and access token.

    • JWKS Endpoint — Enter the URL of the JSON Web Key Set (JWKS), the public keys used to verify the signature of any JWT issued by the authorization server.

    • User Info Endpoint — Enter the URL that returns claims about the authenticated end user.

    • Scopes — Enter the scopes requested at sign-in. The openid scope is required for an OIDC sign-in; add scopes such as profile or email only if the claim you select as the IdP User Name is released under them, and request nothing beyond what the sign-in needs.

    • Additional Authorization Parameters — Enter any extra parameters to send with the authorization request, such as login_hint or the prompt parameter that controls single sign-on behavior.

    • Token Endpoint Authentication Method — Select how the client ID and secret are sent to the Token Endpoint when the authorization code is exchanged. Choose the method the IdP lists under token_endpoint_auth_methods_supported in its discovery document.

      • Select Client Secret Basic to send them in an HTTP Basic Authorization header (client_secret_basic).

      • Select Client Secret Post to send them as client_id and client_secret fields in the POST body (client_secret_post).

    • IdP User Name — Select the claim that carries the IdP user name.

    • Knox Manage User Attribute — Select the Knox Manage user attribute to compare against the IdP user name claim. A sign-in is mapped only to a user whose attribute matches that claim.

    • Assign to Users or Groups — Select Use to assign the created Custom OIDC connection to a set of users or groups.

  5. Click Save.
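The settings above, walked through end to end as an added example in Python (not Knox Manage's own code): it maps a constructed discovery document onto the Server-tab fields, derives the PKCE code_challenge from a code_verifier, builds the authorization request with the scopes and additional parameters, prepares the token request for either Token Endpoint Authentication Method, runs the claim checks an ID token must pass once its signature has been verified against the JWKS, and matches the IdP User Name claim against a Knox Manage user attribute. All URLs, the client ID and secret, the sample claims and the user records are constructed placeholders.

```python
# Added example, not Knox Manage code: the Custom OIDC settings above walked
# through an Authorization Code + PKCE exchange, offline, using constructed data.
import base64
import hashlib
import time
from urllib.parse import quote, urlencode

# Constructed sample discovery document, shaped like the JSON an IdP serves at its
# Discovery URL (.../.well-known/openid-configuration). All URLs are placeholders.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "jwks_uri": "https://idp.example.com/oauth2/keys",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
}

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding PKCE and JWTs use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def endpoints_from_discovery(doc: dict) -> dict:
    """Map a discovery document onto the Server-tab fields. A missing key raises,
    so a truncated or wrong document is rejected before any request is sent."""
    return {
        "issuer": doc["issuer"],
        "authorization_endpoint": doc["authorization_endpoint"],
        "token_endpoint": doc["token_endpoint"],
        "jwks_endpoint": doc["jwks_uri"],
        "userinfo_endpoint": doc["userinfo_endpoint"],
    }

def pkce_challenge(verifier: str) -> str:
    """S256: code_challenge = base64url(SHA-256(code_verifier)), RFC 7636."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def build_authorization_url(auth_endpoint, client_id, callback_url, scopes,
                            state, nonce, code_challenge, extra_params=None):
    """Authorization request sent to the Authorization Endpoint."""
    if "openid" not in scopes:
        raise ValueError("an OIDC sign-in needs the openid scope")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": callback_url,  # must equal the registered Callback URL
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    params.update(extra_params or {})  # Additional Authorization Parameters
    return auth_endpoint + "?" + urlencode(params)

def token_request(client_id, client_secret, code, callback_url, code_verifier, method):
    """Headers and form body for the Token Endpoint, for either auth method."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": callback_url,
        "code_verifier": code_verifier,  # proves this client started the flow (PKCE)
    }
    if method == "client_secret_basic":
        cred = quote(client_id, safe="") + ":" + quote(client_secret, safe="")
        headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()
    elif method == "client_secret_post":
        body["client_id"] = client_id
        body["client_secret"] = client_secret
    else:
        raise ValueError("unsupported token endpoint auth method: " + method)
    return headers, body

def check_id_token_claims(claims, issuer, client_id, nonce, now=None):
    """Claim checks to run after the ID token signature has been verified with a
    key from the JWKS Endpoint (signature verification itself is not shown)."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != issuer:
        return False, "issuer mismatch"
    if client_id not in aud:
        return False, "audience mismatch"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if claims.get("nonce") != nonce:
        return False, "nonce mismatch"
    return True, "ok"

def match_users(claims, idp_name_claim, km_users, km_attribute):
    """IdP User Name claim matched exactly against the Knox Manage User Attribute."""
    value = claims.get(idp_name_claim)
    return [u for u in km_users if value is not None and u.get(km_attribute) == value]
```

The claim checks are the part worth reading closely: the Issuer field is only useful if the iss claim is compared against it exactly, and the nonce ties the ID token to the authorization request that produced it. Signature verification against the JWKS Endpoint is deliberately not reimplemented here; use a maintained JOSE library for that step.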