3.6 Configuring the Self-Service Request Portal
See the Derived Credentials Self-Service Request Portal guide for details of configuring your system to use the Self-Service Request Portal. In particular, refer to the External identity providers section for information on configuring the Self-Service Request Portal to use Microsoft Entra as an identity provider.
We recommend that you make the following specific changes to the myid.json configuration file:
- Map the Entra ID attribute oid to XuSYSExternalReferenceId1 to ensure there is a mapping between the Entra object and the MyID account.
  Note: If you use a different field than XuSYSExternalReferenceId1, you must make sure that you configure the External Entra Reference option in the External Systems workflow to use the appropriate field; see section 3.7.3, Setting up the external system.
- Map the Entra ID attribute preferred_username to LogonName; otherwise, the logon name is a numeric value, created at issuance.
- Set the Mappings node to include a roles mapping that includes the Password User role.
3.6.1 Example SSRP configuration file
The following example myid.json file contains example mappings for your SSRP system.
Placeholders are enclosed in square brackets [].
See the Configuring the Self-Service Request Portal for external identity providers section in the Derived Credentials Self-Service Request Portal guide for more detailed information.
{
  "Providers":[
    {
      "Name":"Entra",
      "DisplayName":"Sign in with Microsoft",
      "Url":"https://login.microsoftonline.com/[tenant]/v2.0",
      "Enabled":true,
      "Type":"oid",
      "Default":true,
      "Scopes":"openid email profile",
      "ClientId":"[clientID]",
      "ClientSecretClear":"[clientsecret]",
      "ClientSecret":"[clientsecretencrypted]",
      "RetrieveUserInfo":true,
      "Mappings":[
        {
          "Match":{
          },
          "Attributes":[
            {
              "From":"oid",
              "To":"XuSYSExternalReferenceId1",
              "Mandatory":true,
              "Unique":true,
              "Update":true
            },
            {
              "From":"preferred_username",
              "To":"Email",
              "LookupExisting":true,
              "LdapSync":true
            },
            {
              "From":"preferred_username",
              "To":"LogonName"
            },
            {
              "From":"name",
              "To":"FullName"
            },
            {
              "From":"family_name",
              "To":"Surname",
              "Update":true
            },
            {
              "From":"given_name",
              "To":"FirstName"
            },
            {
              "From":"",
              "To":"Roles",
              "Static":"<role name='Derived Credential Owner' scope='1'/><role name='Cardholder' scope='1'/><role name='PasswordUser' scope='1'/>"
            },
            {
              "From":"",
              "To":"GroupName",
              "Static":"Imported From Microsoft"
            },
            {
              "From":"",
              "To":"ParentGroupName",
              "Static":"External"
            }
          ]
        }
      ]
    }
  ]
}
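The three mappings recommended in section 3.6 can be checked mechanically before a myid.json file is deployed. The following Python script is an added example, not part of the MyID product or its documentation; the function names, the finding messages and the ExampleOtherField field name are hypothetical, and comparing role names without regard to spaces and case is an assumption.

```python
import json
import xml.etree.ElementTree as ET

def role_names(static_xml):
    # Static holds sibling <role/> elements with no single root, so wrap before parsing.
    root = ET.fromstring("<roles>" + static_xml + "</roles>")
    return [r.get("name", "") for r in root.iter("role")]

def check_provider(provider):
    """Return findings for one Providers entry against the three recommended mappings."""
    findings = []
    attrs = [a for m in provider.get("Mappings", []) for a in m.get("Attributes", [])]
    def to_fields(src):
        return [a.get("To") for a in attrs if a.get("From") == src]
    oid_to = to_fields("oid")
    if not oid_to:
        findings.append("oid is not mapped to a MyID field")
    elif "XuSYSExternalReferenceId1" not in oid_to:
        findings.append("oid maps to %s; External Entra Reference must use that field" % oid_to[0])
    if "LogonName" not in to_fields("preferred_username"):
        findings.append("preferred_username is not mapped to LogonName")
    roles = []
    for a in attrs:
        if a.get("To") == "Roles":
            try:
                roles += role_names(a.get("Static", ""))
            except ET.ParseError:
                findings.append("Roles Static value is not well-formed XML")
    # Assumption: role names are compared ignoring spaces and case, so the
    # example's 'PasswordUser' and the text's "Password User" both match.
    if "passworduser" not in ["".join(r.split()).lower() for r in roles]:
        findings.append("Roles mapping does not include the Password User role")
    return findings

def check_config(text):
    """Return {provider Name: findings} for the text of a myid.json file."""
    return {p.get("Name", "?"): check_provider(p) for p in json.loads(text).get("Providers", [])}

# Constructed sample (not a real deployment): oid goes to a hypothetical other field,
# LogonName is unmapped, and the Password User role is missing.
SAMPLE = json.dumps({"Providers": [{"Name": "Entra", "Mappings": [{"Match": {}, "Attributes": [
    {"From": "oid", "To": "ExampleOtherField", "Mandatory": True, "Unique": True},
    {"From": "preferred_username", "To": "Email", "LookupExisting": True},
    {"From": "", "To": "Roles", "Static": "<role name='Cardholder' scope='1'/>"},
]}]}]})

if __name__ == "__main__":
    for name, findings in check_config(SAMPLE).items():
        for f in findings or ["all three recommended mappings present"]:
            print("%s: %s" % (name, f))
```

An empty findings list for a provider means all three recommended mappings are present; a finding about oid mapping to another field is a reminder of the note on the External Entra Reference option rather than an error.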