Manage OpenID configurations

If you have the Admin role, you can use Pismo Control Center to add and manage OpenID authentication configurations for an organization.

Create OpenID authentication configuration

📘

For more information about using OpenID Connect for authentication with the Pismo platform, see Authentication with OpenID Connect.

To add an OpenID authentication configuration to an Org, you must provide a public encryption key for use when authenticating with the Pismo platform. You also must specify one of the following authentication types:

  • Standard: Gives the organization access to all Pismo endpoints that the customer has access to. It is managed internally by the Pismo platform.
  • Third party: Gives access to selected Pismo endpoints, based on OIDC permission groups. This method is typically managed for you by a third-party provider.

📘

The Third party authentication type is not available in the current release. For more information, refer to Third-party authentication with OpenID Connect.

To create an OpenID authentication configuration:

  1. From the main menu, select Organization > OpenID.
  2. On the OpenID screen, select Create.
  3. On the Create new OpenID screen, select one of the following authentication types:
    1. Standard
    2. Third-party
  4. Provide the public encryption key, either by pasting it onto the Public key field or dragging a text file into the upload area of the screen.
  5. Select Create.

List OpenID authentication configurations

To list OpenID authentication configurations:

  1. From the main menu, select Organization > OpenID.
  2. On the OpenID screen, select an OpenID configuration to view its details.

The following table describes the elements that make up an OIDC authentication details for a specific configuration.

FieldDescriptionExample
Tenant IDOrganization IDtn-123456-A789-42A2-8B0E-2052D05577D7
auth_typeAuthentication type STANDARD (the THIRD_PARTY type is not available in the current release)
StatusStatus of the authentication configuration ACTIVE
public_keyPublic encryption key used for authentication----BEGIN CERTIFICATE----
MIIEajCCAtKgAwIBAgIQaA1mKgVN/KPB4gLfCWcDUDADCpyb2
. . .
----END CERTIFICATE-----
created_atTimestamp when the authentication configuration was created9/13/24 14:58
update_atTimestamp when the authentication configuration was last updated.9/13/24 14:58
signer_audienceAudience for the signer.Can be an ID or a URL.
signer_issuerIssuer for the signer. Can be an ID or a URL.
verifier_audienceAudience for the verifier.Can be an ID or a URL.
verifier_issuerIssuer for the verifier.Can be an ID or a URL.
verifier_subjectSubject for the verifier.Can be an ID or a URL.

🚧

Deactivating a configuration

A configuration cannot be deleted, only deactivated. Once deactivated, it is not possible to reactivate a configuration.

To view OpenID authentication configuration details:

  1. From the main menu, select Organization > OpenID.
  2. On the OpenID screen, select the configuration you want to view.
  3. (Optional) On the OpenID details screen, do either of the following:
    • Select the Active toggle to deactivate the OpenID authentication configuration.
    • Select Edit to change the public key value.