Use the following procedure to configure an OpenID Connect (OIDC) integration with NetCloud Manager.
Note
Details about using any particular IdP app are not included in this procedure. Attribute names vary between identity providers and only generic names are used in this procedure.
Log in to NetCloud Manager.
Select Account > Single-Sign On.
Select Add > OIDC Identity Provider.
Add a unique name for the OIDC integration in the Name field.
Add a company identifier in the Company Identifier field. The company identifier must be globally unique. This identifier is used when logging in to NetCloud Manager.
Use the name of your OIDC IdP app and add it in the Client ID field.
Add a client secret in the Client Secret field.
Add the configuration URL from your OIDC IdP app in the Discovery Endpoint field.
Select Next.
On the Claim Mappings page, add the corresponding names from your OIDC IdP app to the fields they match on this page. For examples of mapping claims between an IdP app and a NetCloud Manager SSO integration, see Mapping OIDC SSO Settings between an Okta IDP App and NetCloud Manager or Mapping OIDC SSO Settings between an Azure IDP App and NetCloud Manager.
Note
If you are using the Alias feature, add the name of the Alias to the Alias field.
Select Next.
Review the integration settings on the Summary page. You can use the Previous button to make changes to the settings on previous pages.
Select Finish to proceed to the Single-Sign On > Identity Providers page and activate the integration.
Select the ellipsis icon in the row of the integration to be enabled, then select Activate.
Note the following when activating an OIDC integration.
The integration must be enabled before activating it.
More than one IdP can be activated at a time. This allows users to log in from any of the activated IdPs.
If only one IdP is activated, it can't be disabled.
After selecting the Activation option, the configuration is tested for validity. If the configuration is valid, the following screen displays.
Select I understand, then select Activate.
Activating a valid integration essentially "migrates" users to the new SSO integration. Their username and password logins will no longer work. Users will now log in with the Sign In With SSO button and enter the Company Identifier specified in the integration's configuration.
After an integration is activated, it displays with an Active state on the Account > Single-Sign On > Identity Providers page. An integration can be edited from this page by clicking the ellipsis icon and then selecting Edit. Note that the Client ID, Client Secret, Discovery URL and Claim Mapping fields can't be edited.
Log in to NetCloud Manager.
Select Account > Single-Sign On > Identity Providers.
Locate the OIDC integration to edit, then select the ellipsis icon for the integration and choose Edit.
On the Configuration page, only the Name and Company Identifier fields can be edited. Select Next to proceed to the Claim Mappings page.
Tip
If it is necessary to change any of the IdP app settings (Client ID, Client Secret or Discovery Endpoint), use the following steps.
Create a new integration with the updated IdP settings. Activate and test the new integration to verify it works as expected.
After the new integration is confirmed to function correctly, disable the integration being replaced.
The settings on the Claim Mappings page can't be edited. See Step 4 for details on changing IdP settings.
Select Next to proceed to the Summary page.
Select Finish to save and complete the edits to the integration.
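Because the Discovery Endpoint and Claim Mappings can't be edited after creation and activation turns off password logins, it helps to check the IdP's discovery document before entering it. The following is an added example, not part of the original procedure and not NetCloud Manager code: it applies checks from OpenID Connect Discovery 1.0 to a discovery document that has already been downloaded and parsed. The host idp.example.com, the claim names and the function name are assumptions; the checks NetCloud Manager itself runs at activation are not described on this page.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 marks as unconditionally REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")

def check_discovery(discovery_url, doc, mapped_claims):
    """Return a list of problems; an empty list means every check passed."""
    problems = [f"missing required metadata: {k}" for k in REQUIRED if k not in doc]
    # Issuer plus the well-known suffix must reproduce the discovery URL,
    # otherwise the document describes a different IdP or tenant.
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end with " + WELL_KNOWN)
    elif doc.get("issuer", "").rstrip("/") != discovery_url[:-len(WELL_KNOWN)]:
        problems.append("issuer does not match the discovery URL")
    # Authorization codes, tokens and signing keys must not cross plain HTTP.
    for key in ENDPOINTS:
        if key in doc and urlparse(doc[key]).scheme != "https":
            problems.append(f"{key} is not https")
    # At least one real signature algorithm must be offered for ID tokens.
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if not [a for a in algs if a != "none"]:
        problems.append("no signed ID token algorithm advertised")
    # claims_supported is optional metadata; compare only when it is present.
    advertised = doc.get("claims_supported")
    if advertised is not None:
        problems += [f"mapped claim not advertised: {c}"
                     for c in mapped_claims if c not in advertised]
    return problems

# Constructed sample: idp.example.com and the claim names are placeholders.
SAMPLE_URL = "https://idp.example.com/tenant1" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/token",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "claims_supported": ["sub", "email", "given_name", "family_name"],
}

if __name__ == "__main__":
    for problem in check_discovery(SAMPLE_URL, SAMPLE_DOC, ["email", "groups"]):
        print("FAIL:", problem)
```

Pass the claim names you intend to enter on the Claim Mappings page as `mapped_claims`; a claim the IdP does not advertise may still be issued, so treat that finding as a prompt to confirm the name in the IdP app.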