Provisioning of OpenID Connect application

You must have one of these security roles to provision an OpenID Connect application:
  • Infor-SystemAdministrator
  • IFSApplicationAdmin
Note: When the client secret is reset, all applications that share the secret stop working. To improve security and avoid sharing client credentials between applications, create a separate integration scenario for each application.
  1. Select Security > Security Administration > Service Provider.
  2. Expand Service Provider OpenID Connection.
  3. Click the Plus icon to add a new item.
  4. Specify this information:
    Client Name
    Provide a user-friendly name for the client application. You can use up to 255 characters including spaces and special characters.
    Description
    Provide an explanation of what the client application does or what its purpose is. You can use up to 255 characters including spaces and special characters.
    Redirect URL
    Provide a unique URL, based on the application metadata, to which the user is redirected after authentication. The URL must start with https. You can add up to ten URLs.
    Logout URL
    Optionally, provide a URL to which the user is redirected after signing out of the identity provider. The URL must start with https.
    Bypass consent page
    Optionally, clear this check box to show users the consent screen when they access the application. Users can select scopes on the consent page. When the check box is selected, users are redirected to the application page without seeing the consent screen.
    Scopes
    Optionally, provide a list of scopes, which are permissions requested by the client. Use either spaces or commas to separate the scopes, and apply the same separator consistently. You can use custom scopes.
    JWKS URI
    Optionally, provide a URL for a JSON Web Key Set (JWKS). The URL is used by the authorization server to verify the client's JSON Web Tokens (JWTs). The URL must start with https.
    Logical ID
    Optionally, add logical IDs for Infor applications. You can add up to ten logical IDs.
  5. Click the Save icon.

    After the configuration is saved, client credentials are generated, and you can use them to configure the application.

  6. In the Download OpenID Credentials dialog box, click Download.
    You can download the client secret only during the registration process. If required, you can later reset the secret and download it. You can only download it once.

    The URL in the Well-known endpoint field provides the identity provider metadata necessary to complete the application integration process.
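
A pre-submission check of the field rules listed in step 4, as an added example that is not part of the product documentation. The dictionary keys, function names and sample values are hypothetical and constructed for illustration; the limits and the https requirement come from the field descriptions above.

```python
from urllib.parse import urlsplit

MAX_TEXT = 255   # Client Name / Description limit from the field list
MAX_ITEMS = 10   # Redirect URL / Logical ID limit from the field list

def is_https(url):
    """True when the URL has the https scheme and a host."""
    parts = urlsplit(url)
    return parts.scheme.lower() == "https" and bool(parts.netloc)

def parse_scopes(raw):
    """Split on spaces or commas. Mixing both is rejected (strict reading,
    an assumption of this example: 'a, b' counts as mixed)."""
    has_comma = "," in raw
    has_space = any(ch.isspace() for ch in raw.strip())
    if has_comma and has_space:
        raise ValueError("scopes: mixed comma and space separators")
    return [s for s in raw.strip().split("," if has_comma else None) if s]

def validate_client(cfg):
    """Return a list of problems; empty means the values fit the form rules."""
    errors = []
    for key in ("client_name", "description"):
        if len(cfg.get(key, "")) > MAX_TEXT:
            errors.append(f"{key}: more than {MAX_TEXT} characters")
    for key in ("redirect_urls", "logical_ids"):
        if len(cfg.get(key, [])) > MAX_ITEMS:
            errors.append(f"{key}: more than {MAX_ITEMS} entries")
    # Redirect URL, Logout URL and JWKS URI must all start with https.
    urls = list(cfg.get("redirect_urls", []))
    urls += [cfg[k] for k in ("logout_url", "jwks_uri") if cfg.get(k)]
    errors += [f"not an https URL: {u}" for u in urls if not is_https(u)]
    try:
        parse_scopes(cfg.get("scopes", ""))
    except ValueError as exc:
        errors.append(str(exc))
    return errors

# Constructed sample values, not taken from any real tenant.
SAMPLE = {
    "client_name": "Warehouse Portal",
    "redirect_urls": ["https://portal.example.com/cb", "http://localhost/cb"],
    "logout_url": "https://portal.example.com/bye",
    "scopes": "openid, profile",
    "jwks_uri": "https://portal.example.com/jwks.json",
}

if __name__ == "__main__":
    print("\n".join(validate_client(SAMPLE)))
```

For the sample values, the check flags the plain-http redirect URL and the scope string that mixes a comma with a space.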