7.2 Configuring your external identity provider

How the external identity provider works may vary between providers. You must set up the following in the external identity provider:

• The client ID.

  This is an identifier for the OpenID Connect application. Create this in your identity provider.

• A client secret.

  This is a password that secures the connection between SSRP and the identity provider. Create a new secret in your identity provider. Make sure you take a note of the secret when you create it; for security reasons, typically you cannot recover a client secret after you have created it and navigated away from the creation screen.

• Redirect URI.

  You must configure the identity provider to allow responses to be returned to SSRP.

  Add the following to the external provider's list of allowed redirect URIs:

  https://<server><website>?name=<name>

  For example, you have a website called:

  myserver.example.com

  Your configured web application for OpenID Connect identity providers has the alias:

  /SSRPOID

  In the myid.production.json file for this website folder, you have set the Name attribute to:

  Entra

  When you set up your external identity provider, you must allow the following redirect URI:

  https://myserver.example.com/SSRPOID?name=Entra