6.6 Example OpenID Connect settings
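The following are example sets of configuration options and mapping attributes for OpenID Connect. You can use these as a starting point for your own configuration in the appsettings.Production.json file for the web.oauth2 service; see section 6.2, Configuring OpenID Connect. The ClientId, Authority, LogonMechanismId and CallbackPath values, and the truncated ClientSecretEncrypted string, are samples; replace them with the values from your own identity provider registration. Both examples leave the plain ClientSecret empty or absent and carry the secret in ClientSecretEncrypted. The Okta example looks up existing accounts by the email claim (LookupExisting) and pairs this with a Match on email_verified; if you add an email lookup to another provider's mapping, confirm that the provider verifies the email claim before relying on it to match existing accounts.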
6.6.1 OpenID Connect settings for Microsoft Entra
"ExternalProviders":[
{
"Name":"OpenID Connect",
"LogonMechanismId":121,
"Action":"CreateAndUpdate",
"OpenIdConnectOptions":{
"ClientId":"bb61c9f6-9a71-42ba-a156-05db9a7a6407",
"ClientSecret":"",
"Authority":"https://login.microsoftonline.com/2fad39ef-cead-489d-a755-c3b45c762c4a/v2.0",
"ResponseType":"code",
"GetClaimsFromUserInfoEndpoint":true,
"Scope":[
"openid",
"email",
"profile",
"user.read"
],
"CallbackPath":"/loginOidc121",
"Prompt":"login"
},
"ClientSecretEncrypted":"AQAAANCMnd8BFdERjHoAwE/C [...] JwWwaKXWoS3i+ulxtmjVQyudpQ==",
"Mappings":[
{
"Match":{
},
"Attributes":[
{
"From":"oid",
"To":"XuSYSExternalReferenceId2",
"Mandatory":true,
"Unique":true,
"Update":true
},
{
"From":"name",
"To":"FullName"
},
{
"From":"given_name",
"To":"FirstName"
},
{
"From":"family_name",
"To":"Surname"
},
{
"From":"",
"To":"Roles",
"Static":"<role name='Cardholder' scope='1'/>"
},
{
"From":"",
"To":"GroupName",
"Static":"Imported From OpenID"
},
{
"From":"",
"To":"ParentGroupName",
"Static":"External"
}
]
}
]
}
]
6.6.2 OpenID Connect settings for Okta
"ExternalProviders":[
{
"Name":"Okta Dev",
"LogonMechanismId":122,
"Action":"CreateAndUpdate",
"OpenIdConnectOptions":{
"ClientId":"0obr57pqsgospYEYr8A1",
"Authority":"https://myownoktadomain.okta.com",
"ResponseType":"code",
"GetClaimsFromUserInfoEndpoint":true,
"Scope":[
"openid",
"email",
"profile"
],
"CallbackPath":"/loginOidc122",
"Prompt":"login"
},
"ClientSecretEncrypted":"AQAAANCMnd8BFdERjHoAwE/C [...] JwWwaKXWoS3i+ulxtmjVQyudpQ==",
"Mappings":[
{
"Match":{
"email_verified":"True"
},
"Attributes":[
{
"From":"sub",
"To":"XuSYSExternalReferenceId3",
"Mandatory":true,
"Unique":true,
"Update":true
},
{
"From":"name",
"To":"FullName",
"Update":true
},
{
"From":"family_name",
"To":"Surname",
"Update":true
},
{
"From":"given_name",
"To":"FirstName"
},
{
"From":"email",
"To":"Email",
"LookupExisting":true,
"Update":true
},
{
"From":"",
"To":"Roles",
"Static":"<role name='Cardholder' scope='1'/>"
},
{
"From":"",
"To":"GroupName",
"Static":"Imported From Okta"
},
{
"From":"",
"To":"ParentGroupName",
"Static":"External"
}
]
}
]
}
]