OpenID Connect authentication
If you're a Control Center administrator, you can use Control Center to add and manage OpenID Connect (OIDC) authentication configurations for an organization. OIDC for Servers is the preferred way to authenticate with the Pismo platform. It provides greater security guarantees in service communications than basic authentication using client credentials. In addition, OpenID Connect supports multi-tenancy, allowing for multiple tenants to run in a single instance of the application while keeping their configurations and data isolated.
Create OpenID authentication configuration
To add an OpenID authentication configuration to an organization, you must provide a public encryption key for use when authenticating with the Pismo platform. You also must specify one of the following authentication types:
- Standard—Gives the organization access to all Pismo endpoints that the customer has access to. It is managed internally by the Pismo platform.
- Third-party—Gives access to selected Pismo endpoints, based on OIDC permission groups. This method is typically managed for you by a third-party provider and is not available through the Pismo Call Center.
Only standard authentication is available within Control Center. For more information on third-party authentication, refer to Third-party authentication with OpenID Connect.
To create an OpenID authentication configuration:
- From the main menu, select Users & permissions > OpenID.
- On the OpenID screen, select Create.
- On the Create new OpenID screen, select Standard as the authentication type (third-party is not currently available within Control Center).
- Provide the public encryption key. Either paste it into the Public key field or drag a text file into the upload area of the screen, then select Create.
For more information about using OIDC with the Pismo platform, see Authentication with OpenID Connect.
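A pre-upload check for the public key step above, as an added example that is not part of the Pismo documentation: it confirms the text holds exactly one well-formed PEM block with a public label and no private key material, and returns a SHA-256 fingerprint of the decoded bytes for your own records. The accepted labels, the function names and the sample data are assumptions made for this example; the sample is constructed and is not a real key.

```python
import base64
import hashlib
import re

# Assumption: these public PEM labels are acceptable; adjust to what your tenant expects.
PUBLIC_LABELS = {"CERTIFICATE", "PUBLIC KEY"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END ([A-Z0-9 ]+)-----", re.S)


def check_public_pem(text):
    """Return (label, sha256_hex_of_DER) or raise ValueError explaining the problem."""
    if "PRIVATE KEY" in text:
        raise ValueError("file contains private key material; do not upload it")
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    begin, body, end = blocks[0]
    if begin != end:
        raise ValueError(f"BEGIN/END labels differ: {begin!r} vs {end!r}")
    if begin not in PUBLIC_LABELS:
        raise ValueError(f"unexpected PEM label {begin!r}")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError(f"body is not valid base64: {exc}") from None
    # Certificates and SubjectPublicKeyInfo structures are both DER SEQUENCEs (tag 0x30).
    if not der.startswith(b"\x30"):
        raise ValueError("decoded body is not a DER SEQUENCE")
    return begin, hashlib.sha256(der).hexdigest()


def make_pem(label, der):
    """Wrap DER bytes in PEM armor (used here only to build constructed samples)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


# Constructed placeholder DER (a SEQUENCE header followed by zero bytes), not a real key.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
GOOD = make_pem("CERTIFICATE", SAMPLE_DER)
LEAK = make_pem("PRIVATE KEY", SAMPLE_DER)
BAD_DASHES = GOOD.replace("-----BEGIN", "----BEGIN")  # four dashes instead of five

if __name__ == "__main__":
    for name, pem in (("good", GOOD), ("leak", LEAK), ("bad dashes", BAD_DASHES)):
        try:
            print(name, check_public_pem(pem))
        except ValueError as err:
            print(name, "rejected:", err)
```
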
View and edit OpenID Connect authentication configurations
The following table describes the elements of an OIDC authentication configuration.
Field | Description | Example |
---|---|---|
Tenant ID | Organization ID | tn-123456-A789-42A2-8B0E-2052D05577D7 |
auth_type | Authentication type | STANDARD (the THIRD_PARTY type is not available in the current release) |
Status | Status of the authentication configuration | ACTIVE |
public_key | Public encryption key used for authentication | -----BEGIN CERTIFICATE----- MIIEajCCAtKgAwIBAgIQaA1mKgVN/KPB4gLfCWcDUDADCpyb2 . . . -----END CERTIFICATE----- |
created_at | Timestamp when the authentication configuration was created | 9/13/24 14:58 |
update_at | Timestamp when the authentication configuration was last updated | 9/13/24 14:58 |
signer_audience | Audience for the signer | Can be an ID or a URL |
signer_issuer | Issuer for the signer | Can be an ID or a URL |
verifier_audience | Audience for the verifier | Can be an ID or a URL |
verifier_issuer | Issuer for the verifier | Can be an ID or a URL |
verifier_subject | Subject for the verifier | Can be an ID or a URL |
Deactivating a configuration
A configuration cannot be deleted, only deactivated. Once deactivated, it cannot be reactivated.
To view and edit OpenID authentication configurations:
- From the main menu, select Users & permissions > OpenID.
- On the OpenID screen, select an OpenID configuration to view its details.
- (Optional) You can also do one of the following on the OpenID screen:
  - Select the Active toggle to deactivate the OpenID authentication configuration.
  - Select Edit to change the public key value.