OpenID configurations

If you have the Admin role, you can use Pismo Control Center to add and manage OpenID authentication configurations for an organization.

Create OpenID authentication configuration

📘

For more information about using OpenID Connect for authentication with the Pismo platform, see Authentication with OpenID Connect.

To add an OpenID authentication configuration to an Org, you must provide a public encryption key for use when authenticating with the Pismo platform. You also must specify one of the following authentication types:

  • Standard: Gives the organization access to all Pismo endpoints that the customer has access to. It is managed internally by the Pismo platform.
  • Third party: Gives access to selected Pismo endpoints, based on OIDC permission groups. This method is typically managed for you by a third-party provider.

📘

The Third party authentication type is not available in the current release. For more information, refer to Third-party authentication with OpenID Connect.

To create an OpenID authentication configuration:

  1. From the main menu, select Configurations > OpenID.
  2. On the OpenID screen, select Create.
  3. On the Create new OpenID screen, select one of the following authentication types:
    1. Standard
    2. Third-party
  4. Provide the public encryption key, either by pasting it onto the Public key field or dragging a text file into the upload area of the screen, then select Create.

View and edit OpenID authentication configurations

The following table describes the elements of an OIDC authentication configuration.

FieldDescriptionExample
Tenant IDOrganization IDtn-123456-A789-42A2-8B0E-2052D05577D7
auth_typeAuthentication type STANDARD (the THIRD_PARTY type is not available in the current release)
StatusStatus of the authentication configuration ACTIVE
public_keyPublic encryption key used for authentication----BEGIN CERTIFICATE----
MIIEajCCAtKgAwIBAgIQaA1mKgVN/KPB4gLfCWcDUDADCpyb2
. . .
----END CERTIFICATE-----
created_atTimestamp when the authentication configuration was created9/13/24 14:58
update_atTimestamp when the authentication configuration was last updated.9/13/24 14:58
signer_audienceAudience for the signer.Can be an ID or a URL
signer_issuerIssuer for the signer. Can be an ID or a URL
verifier_audienceAudience for the verifier.Can be an ID or a URL
verifier_issuerIssuer for the verifier.Can be an ID or a URL
verifier_subjectSubject for the verifier.Can be an ID or a URL

🚧

Deactivating a configuration

A configuration cannot be deleted, only deactivated. Once deactivated, it cannot be reactivated.

To view and edit OpenID authentication configurations:

  1. From the main menu, select Configurations > OpenID.
  2. On the OpenID screen, select an OpenID configuration to view its details.
  3. (Optional) You can optionally also do one of the following on the OpenID screen:
    1. Select the Active toggle to deactivate the OpenID authentication configuration.
    2. Select Edit to change the public key value.