OpenID configurations
If you have the Admin role, you can use Pismo Control Center to add and manage OpenID authentication configurations for an organization.
Create OpenID authentication configuration
For more information about using OpenID Connect for authentication with the Pismo platform, see Authentication with OpenID Connect.
To add an OpenID authentication configuration to an Org, you must provide a public encryption key for use when authenticating with the Pismo platform. You also must specify one of the following authentication types:
- Standard: Gives the organization access to all Pismo endpoints that the customer has access to. It is managed internally by the Pismo platform.
- Third party: Gives access to selected Pismo endpoints, based on OIDC permission groups. This method is typically managed for you by a third-party provider.
The Third party authentication type is not available in the current release. For more information, refer to Third-party authentication with OpenID Connect.
To create an OpenID authentication configuration:
- From the main menu, select Configurations > OpenID.
- On the OpenID screen, select Create.
- On the Create new OpenID screen, select one of the following authentication types:
- Standard
- Third-party
- Provide the public encryption key, either by pasting it onto the Public key field or dragging a text file into the upload area of the screen, then select Create.
View and edit OpenID authentication configurations
The following table describes the elements of an OIDC authentication configuration.
| Field | Description | Example |
|---|---|---|
| Tenant ID | Organization ID | tn-123456-A789-42A2-8B0E-2052D05577D7 |
| auth_type | Authentication type | STANDARD (the THIRD_PARTY type is not available in the current release) |
| Status | Status of the authentication configuration | ACTIVE |
| public_key | Public encryption key used for authentication | ----BEGIN CERTIFICATE---- MIIEajCCAtKgAwIBAgIQaA1mKgVN/KPB4gLfCWcDUDADCpyb2 . . . ----END CERTIFICATE----- |
| created_at | Timestamp when the authentication configuration was created | 9/13/24 14:58 |
| update_at | Timestamp when the authentication configuration was last updated. | 9/13/24 14:58 |
| signer_audience | Audience for the signer. | Can be an ID or a URL |
| signer_issuer | Issuer for the signer. | Can be an ID or a URL |
| verifier_audience | Audience for the verifier. | Can be an ID or a URL |
| verifier_issuer | Issuer for the verifier. | Can be an ID or a URL |
| verifier_subject | Subject for the verifier. | Can be an ID or a URL |
Deactivating a configuration
A configuration cannot be deleted, only deactivated. Once deactivated, it cannot be reactivated.
To view and edit OpenID authentication configurations:
- From the main menu, select Configurations > OpenID.
- On the OpenID screen, select an OpenID configuration to view its details.
- (Optional) You can optionally also do one of the following on the OpenID screen:
- Select the Active toggle to deactivate the OpenID authentication configuration.
- Select Edit to change the public key value.
Updated about 18 hours ago