Next-generation platform

OpenID Connect (OIDC) configuration

You can configure environments with your choice of an alternative authentication provider from a list of approved providers that are compliant with OpenID Connect (OIDC). You are encouraged to configure your authentication credentials for every environment. Applying the configuration redeploys the environment with your latest customization. The latest saved OIDC configuration is used when changes are applied.

Users with Organization Administrator and Developer Production and Non-Production roles can modify the OIDC configuration.

Before you begin

If you are a new user, ensure that you complete the following prerequisites.

  • Add a new firewall policy in Self Service to enable communication with the OIDC server.
  • Import the OIDC server certificate by using the steps explained in Importing third-party certificates.
    Note: If you are already using IBMid and want to migrate to a new OIDC provider (ADFS or Okta), contact IBM support.

Procedure

  1. Access Self Service with your IBMid.
  2. From the Self Service menu, click Environments.
  3. From the list of environments, select an environment.
  4. Go to the OIDC configuration tab.
  5. Use the toggle to enable or disable configuring an alternative provider.
  6. Based on your roles, view or modify the configuration.
  7. To modify, click the edit icon and select the OIDC provider.
  8. Enter values for the following fields: Client ID, Client secondary ID, Client secret, Provider discovery endpoint URL, and Provider logout URL.
  9. Save the changes and click Apply changes.

    Applying the OIDC configuration redeploys the environment with your latest customization. View the status in the OIDC deployment processes table.
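
Before you enter the Provider discovery endpoint URL and Provider logout URL in step 8, you can check them against the provider's discovery document. The following Python sketch is an added example, not part of the product or its documentation. The function name, the sample values on idp.example.test, and the rule that the logout URL should equal the advertised end_session_endpoint are assumptions.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")

def check_oidc_inputs(discovery_url, metadata, logout_url):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for label, url in (("discovery", discovery_url), ("logout", logout_url)):
        if urlsplit(url).scheme != "https":
            problems.append(f"{label} URL is not https")
    problems += [f"metadata lacks {key}" for key in REQUIRED if key not in metadata]
    # Discovery 1.0: the document's issuer plus the well-known suffix must be
    # the URL the document was fetched from; a mismatch means the wrong provider.
    issuer = metadata.get("issuer", "")
    if issuer.rstrip("/") + WELL_KNOWN != discovery_url:
        problems.append("issuer does not match discovery URL")
    # Endpoints the environment will call or redirect to must also be https.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in metadata and urlsplit(metadata[key]).scheme != "https":
            problems.append(f"{key} is not https")
    # Assumption: the logout URL entered should be the advertised end_session_endpoint.
    advertised = metadata.get("end_session_endpoint")
    if advertised and logout_url.split("?")[0] != advertised:
        problems.append("logout URL differs from end_session_endpoint")
    return problems

# Constructed sample: discovery document of a hypothetical provider.
SAMPLE_URL = "https://idp.example.test/oauth2/default" + WELL_KNOWN
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.test/oauth2/default",
  "authorization_endpoint": "https://idp.example.test/oauth2/default/v1/authorize",
  "token_endpoint": "https://idp.example.test/oauth2/default/v1/token",
  "jwks_uri": "https://idp.example.test/oauth2/default/v1/keys",
  "end_session_endpoint": "https://idp.example.test/oauth2/default/v1/logout",
  "response_types_supported": ["code"],
  "subject_types_supported": ["public"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")
SAMPLE_LOGOUT = "https://idp.example.test/oauth2/default/v1/logout"

if __name__ == "__main__":
    print(check_oidc_inputs(SAMPLE_URL, SAMPLE_METADATA, SAMPLE_LOGOUT) or "consistent")
```

To check a real provider, save the JSON returned by its discovery endpoint and pass the parsed document to check_oidc_inputs in place of the sample.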