OpenID Connect (OIDC) configuration
Configure OpenID Connect (OIDC) to authenticate users by using trusted identity providers, including Microsoft Entra ID, Google OpenID Connect, Okta, and Active Directory Federation Services. This configuration supports secure sign-on and centralizes identity management.
Users with Organization Administrator and Developer Production and Non-Production roles can modify the OIDC configuration.
OpenID Connect (OIDC) is an identity layer that is built on OAuth 2.0. It enables applications to authenticate users and obtain profile information from an identity provider.
IBM Sterling® Order Management System supports the following OIDC identity providers:
- Microsoft Entra ID
- Google Open ID Connect
- Okta
- Active Directory Federation Services
Before you begin
Complete the following actions.
- Register your application with the identity provider.
- Retrieve the values for client ID, client secondary ID, client secret, OIDC discovery endpoint URL, and OIDC logout URL.
- If you are a new user, add a firewall policy in Self Service to enable communication with the OIDC server.
- If you are a new user, import the OIDC server certificate as an outbound certificate by using the steps explained in Adding outbound certificates.
Note:
- If you are already using IBMid and want to migrate and use a new OIDC provider (Active Directory Federation Services, Google Open ID Connect, or Okta), contact IBM support.
- When you use Microsoft Entra ID, firewall policies are not required, because certificate handling is supported in next-generation environments.
Note: Configure your authentication credentials for every environment. Configure OIDC authentication by registering the application with your identity provider. Then add the provider details in the Order Management System. Applying the configuration redeploys the environment with your latest customization. The latest saved OIDC configuration is used when changes are applied.
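A pre-flight check for the OIDC discovery endpoint URL and OIDC logout URL collected under "Before you begin", run before they are entered in the configuration. This is an added example, not IBM code: the function name `check_oidc_values`, the host `idp.example.test`, and the sample discovery document are constructed for illustration. Fetching the document from the provider is left out so that the check runs offline.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample; idp.example.test is a placeholder host, not a real provider.
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.test/tenant1",
    "authorization_endpoint": "https://idp.example.test/tenant1/authorize",
    "token_endpoint": "https://idp.example.test/tenant1/token",
    "jwks_uri": "https://idp.example.test/tenant1/keys",
    "end_session_endpoint": "https://idp.example.test/tenant1/logout",
    "id_token_signing_alg_values_supported": ["RS256"],
})

def check_oidc_values(discovery_url, logout_url, document_json):
    """Return a list of problems; an empty list means the values are consistent."""
    doc = json.loads(document_json)
    problems = []
    # OIDC Discovery: the issuer is the discovery URL without the well-known suffix.
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL lacks " + WELL_KNOWN)
    elif doc.get("issuer", "").rstrip("/") != discovery_url[:-len(WELL_KNOWN)]:
        problems.append("issuer does not match discovery URL")
    # Every URL that carries credentials, tokens or signing keys must use TLS.
    urls = {k: doc.get(k) for k in
            ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")}
    urls["discovery URL"] = discovery_url
    urls["logout URL"] = logout_url
    for name, value in urls.items():
        if not value:
            problems.append("missing " + name)
        elif urlsplit(value).scheme != "https":
            problems.append(name + " is not https")
    # end_session_endpoint is optional; when published it should match the logout URL.
    published = doc.get("end_session_endpoint")
    if published and published != logout_url:
        problems.append("logout URL differs from end_session_endpoint")
    # Flag providers that advertise unsigned ("none") ID tokens for review.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("provider advertises alg 'none' for ID tokens")
    return problems

if __name__ == "__main__":
    base = "https://idp.example.test/tenant1"
    print(check_oidc_values(base + WELL_KNOWN, base + "/logout", SAMPLE_DOC))
```

Some providers do not publish `end_session_endpoint`; in that case the logout URL is only checked for HTTPS.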