7 External identity providers

The Self-Service Request Portal supports OpenID Connect identity providers for derived credentials – you authenticate to an external identity provider, and SSRP generates derived credentials based on the claims returned by the external system.

You can configure SSRP for multiple OpenID Connect providers; SSRP provides a choice of providers to the user when they access the SSRP website. You can also configure SSRP for one or more OpenID Connect providers in addition to the SSL provider.

As with standard client certificate authentication, MyID attempts to find a given user in the database and can make changes to the user. In the case of OpenID Connect, this is done using the claims returned from the OpenID Connect provider. If the user is in the database, some fields may be updated with values from the claims. If the user is not in the database, the user is added using the values from the claims, and an attempt is made to look the user up in Active Directory to pull their details into the database.

If an error is thrown during either the import of the user or the request for the derived credential, the user is not imported into MyID and no request is created.

Important: Back up your files before you make any changes. It is also recommended that you back up your files after you have made your changes, and especially before updating or upgrading your MyID server.

To set up external credentials: