Next-generation platform

OpenID Connect (OIDC) configuration

You can configure environments with your choice of an alternative authentication provider from a list of approved providers that are compliant with OpenID Connect (OIDC). You are encouraged to configure your authentication credentials for every environment. Applying the configuration redeploys the environment with your latest customization. The latest saved OIDC configuration is used when changes are applied.

Users with Organization Administrator and Developer Production and Non-Production roles can modify the OIDC configuration.

Before you begin

If you are a new user, ensure that you complete the following prerequisites.

  • Add a new firewall policy in Self Service to enable communication with the OIDC server.
  • Import the OIDC server certificate as an outbound certificate by using the steps explained in Adding outbound certificates.
    Note: If you are already using IBMid and want to migrate to a new OIDC provider (ADFS or Okta), contact IBM support.

Procedure

  1. Access Self Service with your IBMid.
  2. From the Self Service menu, click Environments.
  3. From the list of environments, select an environment.
  4. Go to the OIDC configuration tab.
  5. Use the toggle to enable or disable configuring an alternative provider.
  6. Based on your roles, view or modify the configuration.
  7. To modify, click the edit icon and select an OIDC provider.
  8. Enter the values for the Client ID, Client secondary ID, Client secret, Provider discovery endpoint URL, and the Provider logout URL.
    Note: The values that you need to enter for the fields are retrieved from your OIDC provider.
  9. Save the changes and click Apply changes.

    Applying the OIDC configuration redeploys the environment with your latest customization. View the status in the OIDC deployment processes table.
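
A pre-check for the values entered in step 8 and for the firewall prerequisite, as an added example that is not part of the product or its documentation: it checks a provider's discovery document (already downloaded and parsed) against the discovery endpoint URL and the logout URL, and lists the host names that the firewall policy has to cover. The function name, the sample URLs, and the sample document are constructed for illustration; the platform's own validation is not described on this page.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields that OpenID Connect Discovery 1.0 marks as REQUIRED in the document.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
             "userinfo_endpoint", "end_session_endpoint")

def check_oidc_values(discovery_url, metadata, logout_url):
    """Return (problems, hosts). hosts = names the firewall policy has to allow."""
    problems = [f"discovery document lacks required field {k}"
                for k in REQUIRED if k not in metadata]
    # The issuer must equal the discovery URL with the well-known suffix removed.
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end in " + WELL_KNOWN)
    elif metadata.get("issuer", "").rstrip("/") != discovery_url[:-len(WELL_KNOWN)]:
        problems.append("issuer does not match the discovery URL")
    urls = [("discovery URL", discovery_url), ("logout URL", logout_url)]
    urls += [(k, metadata[k]) for k in ENDPOINTS if k in metadata]
    hosts = set()
    for name, url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name} is not an https URL")
        else:
            hosts.add(parts.hostname)
    # end_session_endpoint is optional (RP-Initiated Logout); compare it when present.
    advertised = metadata.get("end_session_endpoint")
    if advertised and advertised != logout_url:
        problems.append("logout URL differs from end_session_endpoint")
    return problems, sorted(hosts)

# Constructed sample values, not taken from any real provider.
SAMPLE_URL = "https://idp.example.com/oauth2/default" + WELL_KNOWN
SAMPLE_METADATA = {
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
    "jwks_uri": "https://keys.example.net/oauth2/default/v1/keys",
    "end_session_endpoint": "https://idp.example.com/oauth2/default/v1/logout",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_oidc_values(SAMPLE_URL, SAMPLE_METADATA,
                            "https://idp.example.com/oauth2/default/v1/logout"))
```

In the sample, the signing keys are served from a second host, so the firewall policy and the outbound certificate import have to cover both names.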