Creating an OpenID Connect authorization realm
You can create an OpenID Connect (OIDC) authorization realm to use Microsoft Entra ID or an Okta server for authorization.
Procedure
- On the server, click Settings > Authorization (Groups) > Create Authorization Realm. The Create Authorization Realm dialog box opens.
- Enter a name in the Name field.
- Ensure that OIDC is selected in the Type list.
- Select any of the following vendors:
  Table 1. OIDC Vendors (Vendor name: Description)
  - Microsoft Entra ID: Allows you to retrieve group details from Microsoft Entra ID. When selected, specify any of the following group sources:
    - App Roles – To enable Application Role validation through the roles claim, the Microsoft Entra ID authorization realm requires specific configuration. You must ensure that the Entra ID manifest is set to requestedAccessTokenVersion: 2 and that the application is exposed as an API. Finally, you must map the resulting API ID as a designated scope within the Deploy authentication realm settings.
    - Security Groups – The Microsoft Entra ID authorization realm calls the Microsoft Graph API to fetch Security Groups. The group's Object ID (GUID) is used to map to groups in Deploy. You must ensure that the Entra ID manifest is set to requestedAccessTokenVersion: 2.
  - Okta: To enable group-based authorization, the Okta realm validates the groups claim within the security token. This action requires a dedicated authorization server to be defined in Okta. Additionally, configure the application's authentication realm with the specific Issuer and associated endpoints provided by that authorization server.
- Click Save.
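The following troubleshooting sketch is an added example, not code from the product: it decodes the payload of an access token and reports whether it carries what the vendor settings above depend on (a v2 token and roles claim for Entra ID App Roles, a groups claim for Okta). It assumes that Entra ID v2 access tokens carry a ver claim of "2.0"; the function names and sample tokens are hypothetical, and the payload is read without signature verification, so use it for diagnosis only, never for authorization decisions.

```python
import base64
import json

def jwt_claims(token):
    """Decode the payload segment of a JWT. Diagnostic only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated segments)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token, vendor, group_source=None):
    """Return a list of problems that would stop the realm from resolving groups."""
    claims = jwt_claims(token)
    problems = []
    if vendor == "entra":
        # Assumption: Entra ID v2 access tokens carry ver "2.0", v1 tokens "1.0".
        if claims.get("ver") != "2.0":
            problems.append("token is not v2: set requestedAccessTokenVersion: 2 in the manifest")
        # Security Groups are fetched through Microsoft Graph, so only App Roles
        # depends on a claim inside the token itself.
        if group_source == "app_roles" and not claims.get("roles"):
            problems.append("no roles claim: expose the app as an API and map its API ID as a scope")
    elif vendor == "okta":
        groups = claims.get("groups")
        if not isinstance(groups, list) or not groups:
            problems.append("no groups claim: check the dedicated authorization server")
    else:
        raise ValueError("vendor must be 'entra' or 'okta'")
    return problems

def make_sample(claims):
    """Build a constructed, unsigned token for the demo (the signature is a dummy)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample tokens; tenant, role and group names are placeholders.
V1_TOKEN = make_sample({"ver": "1.0", "iss": "https://sts.windows.net/TENANT-ID/"})
V2_TOKEN = make_sample({"ver": "2.0", "roles": ["Deploy.Admin"]})
OKTA_TOKEN = make_sample({"iss": "https://example.okta.com/oauth2/AUTH-SERVER-ID",
                          "groups": ["deploy-admins"]})

if __name__ == "__main__":
    for name, tok, vendor, src in [("v1", V1_TOKEN, "entra", "app_roles"),
                                   ("v2", V2_TOKEN, "entra", "app_roles"),
                                   ("okta", OKTA_TOKEN, "okta", None)]:
        print(name, check_token(tok, vendor, src) or "OK")
```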